Security Report Summary
D
| Site: | https://www.groupon.pl/ | ||
|---|---|---|---|
| IP Address: | 95.100.98.96 | ||
| Report Time: | 01 Sep 2025 00:33:47 UTC | ||
| Headers: |
|
||
| Advanced: |
|
Missing Headers
| Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
|---|---|
| X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
| Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
| Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Raw Headers
| HTTP/2 | 200 |
|---|---|
| content-type | text/html; charset=utf-8 |
| set-cookie | division=warszawa; Max-Age=157680000; Expires=Sat, 31 Aug 2030 00:33:47 GMT; Path=/; Domain=.groupon.pl |
| set-cookie | user_locale=pl_PL; Max-Age=34186464; Expires=Thu, 1 Oct 2026 16:48:11 GMT; Path=/; Domain=.groupon.pl; Secure |
| set-cookie | b=580747d8-2426-4b39-8747-d824264b3940; Max-Age=315360000; Expires=Thu, 30 Aug 2035 00:33:47 GMT; Path=/; Domain=.groupon.pl |
| set-cookie | s=a25f0e55-e346-4587-9f0e-55e346458751; Max-Age=1800; Expires=Mon, 1 Sep 2025 01:03:47 GMT; Path=/; Domain=.groupon.pl |
| set-cookie | sigFraudCheck=c00d4635-4960-4b6f-8d46-3549600b6f59; Max-Age=86400; Expires=Tue, 2 Sep 2025 00:33:47 GMT; Path=/; Domain=.groupon.pl |
| set-cookie | _csrf=IZQHcQvE8Sa9upnKZWO6eZ4w; Path=/; Secure; HTTPOnly |
| set-cookie | pageId=a25f0e55-e346-4587-9f0e-55e346458751-1756686827488-TH0; Max-Age=34186464; Expires=Thu, 1 Oct 2026 16:48:11 GMT; Path=/; Domain=.groupon.pl; Secure |
| x-external-request-id | true |
| x-request-id | a8496ba4-9974-4125-a7a6-72dbe3232dde,a8496ba4-9974-4125-a7a6-72dbe3232dde |
| x-b-cookie | 580747d8-2426-4b39-8747-d824264b3940 |
| x-s-cookie | a25f0e55-e346-4587-9f0e-55e346458751 |
| x-signifyd-cookie | c00d4635-4960-4b6f-8d46-3549600b6f59 |
| x-ua-compatible | IE=edge,chrome=1 |
| x-frame-options | DENY |
| x-destination | tls_conveyor_pull_itier |
| x-b3-traceid | a8496ba499744125a7a672dbe3232dde |
| x-powered-by | Express |
| x-application | Pull-Itier |
| cache-control | private, max-age=0, no-cache, no-store, must-revalidate |
| x-page-id | a25f0e55-e346-4587-9f0e-55e346458751-1756686827488-TH0 |
| link | <https://www2.grouponcdn.com/browse/assets/home_desktop-ada01c02e0.css>; rel=preload; as=style, <https://www2.grouponcdn.com/browse/assets/home_desktop-c54f8f05bb.js>; rel=preload; as=script |
| x-envoy-upstream-service-time | 431 |
| x-request-originated-from | envoy-tls-side-car--ingress-https |
| x-response-served-from | pull--eu-west-1--default--conveyor-production49 |
| x-original-request-id | a8496ba4-9974-4125-a7a6-72dbe3232dde |
| x-forwarded-proto | https |
| server-timing | rReq;dur=430, rCon;dur=0, rHdr;dur=430 |
| x-response-served-from | routing-service--public--eu-west-1--conveyor-production49 |
| x-original-request-id | a8496ba4-9974-4125-a7a6-72dbe3232dde |
| x-forwarded-proto | https |
| x-akamai-transformed | 0 - 0 - |
| content-encoding | gzip |
| date | Mon, 01 Sep 2025 00:33:47 GMT |
| vary | Accept-Encoding, User-Agent |
| strict-transport-security | max-age=2628000 |
| set-cookie | _abck=64BCB70D63847CF55EB8252104D3CDE2~-1~YAAQXGJkX5a07PKYAQAAssGxAg7ZKoGpK6HDs9u9j1Yx8oKRijsonOQ3pD3gbcRT6YtTGZ//DVgShhZEF3UzF9FQjwlaeAGIrn7bmxMv/FBMgVQdzf8bktyQG7pQvIvD/FBHQjVbzGxgSR5i38wSbrQuwDuVfR0sY5LCy9N5GagkwzP3bPeThaOI/GvXrRqi6P7LF6n5zdJDl+aAdg3kGFKWtVO53ngymbBKV+/EDXMuTsH+7HD1bJMR1aOTzbPZtYmPFqwZzQv/dRJ26VJJUBM3JrCfoI9w+QlFzLLFlmLfDe1XOQ/QOZTYKEgc4gd2EZ8fz5yu0OpOtIozJxu7++UU5aERnlmdEDgYWgPGK8fBkK9/PT7q874XCXdX5rA33gqxsS8EFgLbU5uBQfDY1aCOrHIcOGKXZJ6rdba9XhNR2vJR1WeDRpH0MGD8qn+wqb932NV6Iy0=~-1~-1~-1~~; Domain=.groupon.pl; Path=/; Expires=Tue, 01 Sep 2026 00:33:47 GMT; Max-Age=31536000; Secure |
| set-cookie | ak_bmsc=654945F3E477F95EA043D666379DFFCF~000000000000000000000000000000~YAAQXGJkX5e07PKYAQAAssGxAhwdCtualG8xIEVnsf64QJHuiAy3tUrdxat7+h5Kped0r28QSAbMYSGq4WbY/3b1CaJbfU4gJ2b4eAl2joeWHJIpsnJqjpl1uVXy6IevoZ524v/bm+xKRWWVilDNiLg54CnQzWVaC9obKnj4DXsSx3C+v1Z5tm/kBgs1w//F9splL13AVvtbfOJ0v6hOivDQsreBdLYMzh4c36Sqya8j+1fvKf84/+Tz90EgcFHbcrCVfVmcs3KlnFU2RGWHJmA0GACA7Uhz+Ub07otERly6seJyDEPmuai12f3pN1aJMo2UmJQilCPNPA4ThVdURguNp7GNmxXHn9lt7BIQMHkNNVV4TRRq6ZJCUmHHsCxFsN4w+02qKkJ1fxkIRA==; Domain=.groupon.pl; Path=/; Expires=Mon, 01 Sep 2025 02:33:47 GMT; Max-Age=7200 |
| set-cookie | bm_sz=09EA906A75ACB498D0689C889BA20559~YAAQXGJkX5i07PKYAQAAssGxAhxwhM785hKpQsiLu3K8eIkW/GrgfrIwINRGP12FE1I9gR+N3uaZ/velGXmHp7cqKsONj4PcHEsZh33CEnLFi3iwgtzbKqV63sVwYj85S/HEds1KgljFBUmqfKDQA+JmjtQYpKyBrlz1rCPOU6eGpAYZCI9wfCzsZdkR/y1eDVmzXbltJ4m3e8OeiJ5HpqpgYFwyKROwZZb27g3Y5lk6dvhYqtEfmcKj+GnbjHXqo8zeyHt1pVhxS2sPLqz4exw7/dC537PEKKiSOvjw8mz1OIKmSFh4N+EOAGtcDvCAVDwfAeOzHlwjP2Xk38vEQX+xJlIGdkYixLSRrPJhXcTpNXRYy9iOGa8nGmXQbwLXA+LBAspnTJBgUO16lr8n~4342070~3753284; Domain=.groupon.pl; Path=/; Expires=Mon, 01 Sep 2025 04:33:47 GMT; Max-Age=14400 |
Upcoming Headers
| Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
|---|---|
| Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
| Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
| set-cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |
|---|---|
| x-frame-options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
| x-powered-by | X-Powered-By can usually be seen with values like "PHP/5.5.9-1ubuntu4.5" or "ASP.NET". Trying to minimise the amount of information you give out about your server is a good idea. This header should be removed or the value changed. |
| strict-transport-security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |