Security Report Summary
Grade: R
Redirect: https://www.salesforce.com/eu/?ir=1
Site: https://www.salesforce.com/
IP Address: 23.72.36.233
Report Time: 13 Jun 2026 14:28:50 UTC
Headers:
  • Content-Security-Policy
  • X-Frame-Options
  • X-Content-Type-Options
  • Referrer-Policy
  • Permissions-Policy
  • Strict-Transport-Security
Missing Headers
Content-Security-Policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
X-Frame-Options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN".
X-Content-Type-Options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
Referrer-Policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-Policy: Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Warnings
Strict-Transport-Security: The "max-age" directive is too small. The minimum recommended value is 2592000 (30 days).
Response is not HTML: The content-type of the response does not indicate HTML. Not all headers, and therefore the score, may be appropriate.
Raw Headers
HTTP/2 302
server: AkamaiGHost
content-length: 0
location: https://www.salesforce.com/eu/?ir=1
cache-control: private, max-age=300
expires: Sat, 13 Jun 2026 14:33:50 GMT
date: Sat, 13 Jun 2026 14:28:50 GMT
set-cookie: ak_loc=cc:IE,ct:DUBLIN,st:DUBLIN,msa:DUBLIN,pmsa:DUBLIN; path=/
set-cookie: AKA_A2=A; expires=Sat, 13-Jun-2026 15:28:50 GMT; path=/; domain=salesforce.com; secure; HttpOnly
set-cookie: ew_renderer_id=49; expires=Sun, 13-Jun-2027 14:28:50 GMT; path=/; secure
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
strict-transport-security: max-age=86400
ak-uuid: 0.ec244817.1781360930.ab919e4e
set-cookie: _abck=874AD610794AC094590F541B9628156C~-1~YAAQ7CRIF+Bb9YCeAQAAjq9iwRDlqZyTJ8w6sBYHXNtnYr3T7Xrk+YhRxrQ/i2B//v/JJMSUA1Uez0LI5KDFcwPpu5lWrT+GE4FfTJC0KtArrdIa4jOrSzllu8ZfhvFKcmmednbAeRRLCuvREFjzADAkvpXskJtymsSEsZVLUyHKbALO9g8SqqkYMPDIaD9WgPiwwB7Jg+Jxe7wM5td1kjMKci/2Owu1wxf5iEBvsxeC+/zUw8Ijq5wifjfZemJv0cgQqIOAOPvVecbQhq9SmGQOo3AeV+tXELhc3qBVjrweF3RAZ6LNwnJaCl0GcSJC1LShWlSt+L35zaoIq/api+zSfRCcJppLGB0z8VydUTezuMjSsKREnlVXxh8fEZhrIZa64faKWW6SU/aaeExLA5ygZjZUVEso+J8gDOCXGWFOACqOvH8YyMMWNZFw9kyec81LDS4dUzy7O2YB~-1~-1~-1~-1~-1; Domain=.salesforce.com; Path=/; Expires=Sun, 13 Jun 2027 14:28:50 GMT; Max-Age=31536000; Secure
set-cookie: bm_sz=7DD968B61BC32998389FDDE68AF25AC6~YAAQ7CRIF+Fb9YCeAQAAjq9iwQCrg3AU1qVAsM60axwChgpIbNoZLyd9GTkA7u93AR9lOlhGOuUHnrxBBSOqfg0ADeFWgfibhDdEzklaOa+feaXvrLpFCE6j6cNMA5lEjk2zzvRt1uU3DjhEVGykwOXYVYmPrx7KU9zjTZmCYUmXr/1u5lznqv5ubaHI3+xfM+/cguZg7jKeIJW4yIn/trlOb7UMSKaRSVEJ6gkjDgvuc2DbWO+l9SbObpAiu2TuE2QPdcZJ20dz0WmPCO6vlZtwekuZ+rfNzQSXOiXVLgGPulxQVpGoDoWsIB2Qp+pdvpodeZIMlLXiZbSecgN5K3mo3CsMevzlfGz74UQ4u1ki8FKiHCfnISXXQlKVW24BBjztLee3Kuh2dmW010ANC1s36A==~3683905~3224624; Domain=.salesforce.com; Path=/; Expires=Sat, 13 Jun 2026 18:28:50 GMT; Max-Age=14400
server-timing: ak_p; desc="1781360930582_390604012_2878447182_60_73925_2_18_15";dur=1
Upcoming Headers
Cross-Origin-Embedder-Policy: Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-Policy: Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-Policy: Cross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
server: Server value has been changed. Typically you will see values like "Microsoft-IIS/8.0" or "nginx 1.7.2".
strict-transport-security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.