Security Report Summary
Grade: B
Site: https://www.screencast.com/t/Ve99Q8arH/
IP Address: 45.60.63.242
Report Time: 26 Jan 2020 18:48:32 UTC
Headers:
  • Strict-Transport-Security
  • X-Content-Type-Options
  • Referrer-Policy
  • X-Frame-Options
  • Content-Security-Policy
  • Feature-Policy
Raw Headers
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Download-Options: noopen
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 1; mode=block
Content-Security-Policy-Report-Only: default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.techsmith.com *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com use.typekit.net www.google-analytics.com www.googletagmanager.com az416426.vo.msecnd.net ajax.googleapis.com *.hotjar.com *.hotjar.io cdn-javascript.net ssl.google-analytics.com ajax.aspnetcdn.com getsatisfaction.com loader.engage.gsfn.us *.cloudfront.net cdnjs.cloudflare.com;object-src 'self' *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;style-src 'self' 'unsafe-inline' *.cloudfront.net *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com use.fontawesome.com cdnjs.cloudflare.com;img-src * data: blob:;media-src 'self' *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;frame-src 'self' *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net widget.getsatisfaction.com vars.hotjar.com www.googletagmanager.com data:;font-src 'self' data: *.typekit.net fonts.gstatic.com themes.googleusercontent.com *.googleapis.com optimize.google.com cdnjs.cloudflare.com;connect-src 'self' *.screencast.com dc.services.visualstudio.com feedback.techsmith.com *.tsc-dev.co *.tsc-stage.co *.techsmith.com performance.typekit.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com *.redis.net stats.g.doubleclick.net;frame-ancestors 'self' * *.screencast.com;report-uri https://techsmithscreencast.report-uri.com/r/d/csp/reportOnly
Set-Cookie: ASP.NET_SessionId=pv2ejtfpganksphv3dsvxjl2; domain=.screencast.com; path=/; secure; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
Set-Cookie: ASP.NET_SessionId=pv2ejtfpganksphv3dsvxjl2; domain=.screencast.com; path=/; secure; HttpOnly; SameSite=Lax
Set-Cookie: AntiCsrfToken=NjvNo2RtNL7z_ZlbXWTKSdiWM3aP0TITo8fS_6kpdXPfdv0aR0YW4EQJEMTFM3V5eH-hQlG90vrOGzWPjLGCYYGO5xU1; domain=.screencast.com; path=/; secure; HttpOnly; SameSite=None
Date: Sun, 26 Jan 2020 18:48:31 GMT
Set-Cookie: visid_incap_1947674=O9gyyfkrSwaGKrGsAvCnTv/eLV4AAAAAQUIPAAAAAABJE6rQfnGSoGYWPkkq3gWv; expires=Mon, 25 Jan 2021 11:37:09 GMT; path=/; Domain=.screencast.com
Set-Cookie: nlbi_1947674=OPNyYOiZdjTqvrk8a3/UOgAAAABylCxEBiMsR+hk3oqjzE9Z; path=/; Domain=.screencast.com
X-CDN: Incapsula
Transfer-Encoding: chunked
X-Iinfo: 5-38124646-38124648 NNNY CT(0 1 0) RT(1580064511724 14) q(0 0 0 0) r(1 2) U5
Missing Headers
Content-Security-Policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
Feature-Policy: Feature Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Upcoming Headers
Expect-CT: Expect-CT allows a site to determine if they are ready for the upcoming Chrome requirements and/or enforce their CT policy.
Additional Information
Server: This Server header seems to advertise the software being run on the server, but you can remove or change this value.
Strict-Transport-Security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
X-Content-Type-Options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
Referrer-Policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
X-XSS-Protection: X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead.
Content-Security-Policy-Report-Only: Content Security Policy Report Only is used to test a Content Security Policy before making it live. The browser will report on actions that would have been taken based on the policy.
Set-Cookie: There is no Cookie Prefix on this cookie.
X-Frame-Options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
Set-Cookie: There is no Cookie Prefix on this cookie.
Set-Cookie: There is no Cookie Prefix on this cookie. This is not a SameSite Cookie.