Security Report Summary
Grade: D
Site: https://www.fucktheprincess.com/
IP Address: 34.198.6.28
Report Time: 26 Nov 2020 04:19:00 UTC
Headers:
  • Strict-Transport-Security
  • Content-Security-Policy
  • X-Frame-Options
  • X-Content-Type-Options
  • Referrer-Policy
  • Permissions-Policy
Raw Headers
HTTP/1.1 200 OK
Date: Thu, 26 Nov 2020 04:19:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 186600
Set-Cookie: AWSALB=ON9L/9kcp043t+Sw+8Q0E4e61C7zxmUXvrlRkLwHFuC8UdO3isuevNUiFGw2DAwJZoAHMWaV6dl9d6AC9epZFI6I38AFb0uOU+wu3cnC0JG1mvng0apkZhRQaPGt; Expires=Thu, 03 Dec 2020 04:18:59 GMT; Path=/
Set-Cookie: AWSALBCORS=ON9L/9kcp043t+Sw+8Q0E4e61C7zxmUXvrlRkLwHFuC8UdO3isuevNUiFGw2DAwJZoAHMWaV6dl9d6AC9epZFI6I38AFb0uOU+wu3cnC0JG1mvng0apkZhRQaPGt; Expires=Thu, 03 Dec 2020 04:18:59 GMT; Path=/; SameSite=None
Cache-Control: private
Pragma: no-cache
Expires: Thu, 26 Nov 2020 04:17:55 GMT
Server: Microsoft-IIS/10.0
Set-Cookie: ASP.NET_SessionId=s2uoyioxq1dw03zliblcics0; path=/; HttpOnly; SameSite=Lax
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=s2uoyioxq1dw03zliblcics0; path=/; HttpOnly; SameSite=Lax
Set-Cookie: Language=en; expires=Fri, 26-Nov-2021 04:18:55 GMT; path=/
Set-Cookie: rvh_gg=7592d19d48be4d0e837916a23a8bea0f; expires=Fri, 26-Nov-2021 04:18:55 GMT; path=/
Set-Cookie: theme=wlg_uni_bla_ora; expires=Fri, 26-Nov-2021 04:18:55 GMT; path=/
Set-Cookie: bagsrv={i:"ceibezteqj6yb257yjc5ysul6",t:1,v:1}; expires=Sun, 10-Jan-2021 04:18:55 GMT; path=/
Set-Cookie: il2hpc=1; path=/
Set-Cookie: tid=0; expires=Fri, 26-Nov-2021 04:18:55 GMT; path=/
Set-Cookie: sgid=0; expires=Fri, 26-Nov-2021 04:18:55 GMT; path=/
Set-Cookie: 7ORlydXrcRAMGhtb3k3wZw%3d%3d=7mN86WfQzgVQZg2uBm1UYANp3l8uXcSGau14RGSc7nRQg1nzvO2YMC99aa59jtrU98izRaDJE3UQamZBf84H0aIFZQuTedhQzY2z6kw3CeMHcYFVRAjqvtut9%2fbH4yCG; expires=Sun, 10-Jan-2021 04:18:55 GMT; path=/
Set-Cookie: logoutPhase=1; expires=Fri, 27-Nov-2020 04:18:55 GMT; path=/
Set-Cookie: lgid=0; expires=Fri, 27-Nov-2020 04:18:55 GMT; path=/
Set-Cookie: showbm=0; path=/
Set-Cookie: bagsrv={i:"ceibezteqj6yb257yjc5ysul6",t:1,v:1}; expires=Sun, 10-Jan-2021 04:18:56 GMT; path=/
X-Powered-By: ASP.NET
X-OneAgent-JS-Injection: true
X-ruxit-JS-Agent: true
Set-Cookie: dtCookie=v_4_srv_10_sn_3DEF7782F5DC08446504142F8B4E8DD2_perc_100000_ol_0_mul_1; Path=/; Domain=.fucktheprincess.com
Strict-Transport-Security: max-age=63072000
Set-Cookie: LBSRV=4fc9ceee35ba8e75; path=/
Missing Headers
Content-Security-Policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
X-Frame-Options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN".
X-Content-Type-Options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
Referrer-Policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-Policy: Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Upcoming Headers
Expect-CT: Expect-CT allows a site to determine if they are ready for the upcoming Chrome requirements and/or enforce their CT policy.
Additional Information
Server: This Server header seems to advertise the software being run on the server but you can remove or change this value.
Set-Cookie: The 'secure' flag is not set on this cookie. There is no Cookie Prefix on this cookie.
X-AspNet-Version: X-AspNet-Version details specific information about your ASP.NET version and should be removed.
Set-Cookie: The 'secure' flag is not set on this cookie. There is no Cookie Prefix on this cookie.
X-Powered-By: X-Powered-By can usually be seen with values like "PHP/5.5.9-1ubuntu4.5" or "ASP.NET". Trying to minimise the amount of information you give out about your server is a good idea. This header should be removed or the value changed.
Strict-Transport-Security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.