Security Report Summary
D
Site: | https://www.groupon.pl/ | ||
---|---|---|---|
IP Address: | 23.221.78.32 | ||
Report Time: | 22 May 2024 00:16:51 UTC | ||
Headers: |
|
||
Advanced: |
|
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Raw Headers
HTTP/2 | 200 |
---|---|
server | envoy |
content-type | text/html; charset=utf-8 |
set-cookie | division=warszawa; Max-Age=157680000; Expires=Mon, 21 May 2029 00:16:51 GMT; Path=/; Domain=.groupon.pl |
set-cookie | user_locale=pl_PL; Max-Age=34186464; Expires=Sat, 21 Jun 2025 16:31:15 GMT; Path=/; Domain=.groupon.pl; Secure |
set-cookie | b=d9b0dd57-b014-47e3-b0dd-57b01437e3c2; Max-Age=315360000; Expires=Sat, 20 May 2034 00:16:51 GMT; Path=/; Domain=.groupon.pl |
set-cookie | s=fb995f4d-9de2-4d85-995f-4d9de2bd850b; Max-Age=1800; Expires=Wed, 22 May 2024 00:46:51 GMT; Path=/; Domain=.groupon.pl |
set-cookie | _csrf=IjCw5f5PMxIy-1EVxhD0ZKzE; Path=/; Secure; HTTPOnly |
set-cookie | pageId=fb995f4d-9de2-4d85-995f-4d9de2bd850b-1716337010503-TH0; Max-Age=34186464; Expires=Sat, 21 Jun 2025 16:31:15 GMT; Path=/; Domain=.groupon.pl; Secure |
x-external-request-id | true |
x-request-id | d66771f7-7c58-42eb-8dca-b64161c0d234,d66771f7-7c58-42eb-8dca-b64161c0d234 |
x-b-cookie | d9b0dd57-b014-47e3-b0dd-57b01437e3c2 |
x-s-cookie | fb995f4d-9de2-4d85-995f-4d9de2bd850b |
x-ua-compatible | IE=edge,chrome=1 |
x-frame-options | DENY |
x-destination | tls_conveyor_pull_itier |
x-b3-traceid | d66771f77c5842eb8dcab64161c0d234 |
x-powered-by | Express |
x-application | Pull-Itier |
cache-control | private, max-age=0, no-cache, no-store, must-revalidate |
x-page-id | fb995f4d-9de2-4d85-995f-4d9de2bd850b-1716337010503-TH0 |
link | <https://www2.grouponcdn.com/browse/assets/home_desktop-b5c784e5b7.css>; rel=preload; as=style, <https://www2.grouponcdn.com/browse/assets/home_desktop-17e2d85526.js>; rel=preload; as=script |
x-envoy-upstream-service-time | 1473 |
x-request-originated-from | envoy-tls-side-car--ingress-https |
x-response-served-from | pull--eu-west-1--default--conveyor-production49 |
x-original-request-id | d66771f7-7c58-42eb-8dca-b64161c0d234 |
x-forwarded-proto | https |
x-response-served-from | routing-service--public--eu-west-1--conveyor-production49 |
x-original-request-id | d66771f7-7c58-42eb-8dca-b64161c0d234 |
x-forwarded-proto | https |
x-akamai-transformed | 9 41794 0 pmb=mTOE,1 |
content-encoding | gzip |
date | Wed, 22 May 2024 00:16:51 GMT |
content-length | 34458 |
vary | Accept-Encoding, User-Agent |
strict-transport-security | max-age=2628000 |
set-cookie | _abck=4AA9596F92E28A523BCA6EF2F173A6BA~-1~YAAQRmDQF6O5bGyPAQAAH2yonQvv++Oh/Q7OppLGvK8W1GNTuWfMyxnlfkn2IhoMOd7BmuVyUKjR9ikbYyRmcl9gUDBgkukuSUdJDpOGGnynLcAaK7VpVVFr6fIjcKB1igfIF+tgohLZjJxVZuIScicxPmDfY9dPW3wnbQetWo2X/ymUH08muN5JE8N6erjPoyOhcAF3wdlSw4MaBg7Ivf+5gUjIlNP0c0n5UxNLX0kzgWYuqnm558dUExlwK8IDYbNaEA5Y2NeeBm1CznHzYrRoMxGEECV3DQ8SXIvXP7hv8LuKjr8gpTneiIoDbNq7k4puBS0gJMyQucbgZHLSgLnMaxfQR4mSKc+81QX2RM1KICrugkyYLQGPOHU=~-1~-1~-1; Domain=.groupon.pl; Path=/; Expires=Thu, 22 May 2025 00:16:51 GMT; Max-Age=31536000; Secure |
set-cookie | bm_sz=30BE154C712700AC17A2CC72E172581A~YAAQRmDQF6S5bGyPAQAAH2yonRdSfVP9+w12j0gepiaeO8xdUOx2EOtwhV4Ty5VcHf8qEm9UsH5mVzPr0jeTLSje9U3elEFJa9j7JDLJh46KXVITZFAXrwIb0J/rITNgXPV/wGgq6GC8r6oOsnkrzDiRd99Rtn1ruEm9Wrh15hVLkr+40wY+bOTZJtwHF5FUNDNQ0hfs6zflXuZ7HmEpcrZsvuaxA4Y2AfOIXzpoHuIld4HmLWln0yLAI1PhZs7Uz8BqKbIYDRWTWs/tGXERMPwEpzVY2a/zKJabJQyVc8Ft0FpChgvMR2+oKkEcbYFHa4TNADuXKsWMdjBJOE2Qjgko8vFrFVPu6hYSQyEMWIVjDnWAIQv6mzwggSp9KkDH6RgQiH8ztRvqK0GuWQ==~3553331~3687747; Domain=.groupon.pl; Path=/; Expires=Wed, 22 May 2024 04:16:49 GMT; Max-Age=14398 |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
server | Server value has been changed. Typically you will see values like "Microsoft-IIS/8.0" or "nginx 1.7.2". |
---|---|
set-cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |
x-frame-options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
x-powered-by | X-Powered-By can usually be seen with values like "PHP/5.5.9-1ubuntu4.5" or "ASP.NET". Trying to minimise the amount of information you give out about your server is a good idea. This header should be removed or the value changed. |
strict-transport-security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |