Security Report Summary
Grade: C
Site: https://www.ulethbridge.ca/
IP Address: 142.66.8.36
Report Time: 31 Aug 2025 22:16:59 UTC
Headers:
  • X-Content-Type-Options
  • X-Frame-Options
  • Strict-Transport-Security
  • Content-Security-Policy
  • Referrer-Policy
  • Permissions-Policy
Missing Headers
Content-Security-Policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
Referrer-Policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-Policy: Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Raw Headers
HTTP/1.1 200 OK
Server: nginx/1.22.1
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=31536000, public
Date: Fri, 29 Aug 2025 21:17:19 GMT
X-Drupal-Dynamic-Cache: UNCACHEABLE (poor cacheability)
Content-language: en
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Fri, 29 Aug 2025 21:17:18 GMT
ETag: W/"1756502238"
X-Generator: Drupal 10 (https://www.drupal.org)
Purge-Cache-Tags: [cache tag list omitted]
X-Drupal-Cache: MISS
X-PHPAPP-P2-debug: php1
Content-Encoding: gzip
Vary: Cookie, Accept-Encoding
X-Varnish: 6491651 323948
Age: 176379
Via: 1.1 varnish (Varnish/7.1)
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Varnish-host: its-varnish01-p
X-Varnish-debug-top: Orig Loc :
X-Varnish-debug: https--www.ulethbridge.ca--/
X-Varnish-vcl_deliver-host: www.ulethbridge.ca
Content-Length: 16996
Connection: keep-alive
Set-Cookie: BIGipServervarnish-prod_and_staging=3389407886.49431.0000; path=/; Httponly; Secure
Upcoming Headers
Cross-Origin-Embedder-Policy: Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-Policy: Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-Policy: Cross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
Server: This Server header seems to advertise the software being run on the server but you can remove or change this value.
X-Content-Type-Options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
X-Frame-Options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
Strict-Transport-Security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.