Security Report Summary
Grade: B
Site: https://www.screencast.com/t/Ve99Q8arH/
IP Address: 45.60.63.242
Report Time: 16 Sep 2019 14:54:48 UTC
Headers:
  • Strict-Transport-Security
  • X-Content-Type-Options
  • Referrer-Policy
  • X-Frame-Options
  • Content-Security-Policy
  • Feature-Policy
Raw Headers
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Download-Options: noopen
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 1; mode=block
Content-Security-Policy-Report-Only: default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.techsmith.com *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com use.typekit.net www.google-analytics.com www.googletagmanager.com az416426.vo.msecnd.net ajax.googleapis.com *.hotjar.com *.hotjar.io cdn-javascript.net ssl.google-analytics.com ajax.aspnetcdn.com getsatisfaction.com loader.engage.gsfn.us *.cloudfront.net cdnjs.cloudflare.com;object-src 'self' *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;style-src 'self' 'unsafe-inline' *.cloudfront.net *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com use.fontawesome.com cdnjs.cloudflare.com;img-src * data: blob:;media-src 'self' *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;frame-src 'self' *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net widget.getsatisfaction.com vars.hotjar.com www.googletagmanager.com data:;font-src 'self' data: *.typekit.net fonts.gstatic.com themes.googleusercontent.com *.googleapis.com optimize.google.com cdnjs.cloudflare.com;connect-src 'self' *.screencast.com dc.services.visualstudio.com feedback.techsmith.com *.tsc-dev.co *.tsc-stage.co *.techsmith.com performance.typekit.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com *.redis.net stats.g.doubleclick.net;frame-ancestors 'self' * *.screencast.com;report-uri https://techsmithscreencast.report-uri.com/r/d/csp/reportOnly
Set-Cookie: ASP.NET_SessionId=nruitoat2kid3gdstsrn1ygc; domain=.screencast.com; path=/; HttpOnly
X-Frame-Options: SAMEORIGIN
Set-Cookie: ASP.NET_SessionId=nruitoat2kid3gdstsrn1ygc; domain=.screencast.com; path=/; HttpOnly
Set-Cookie: AntiCsrfToken=Boto6TdsuXNtQYzrd5M275ju7jAfqZYU0txtrISDZlNWx8TYudlUZZs1lxpqUjoa1Htol3VXJFNpyHKgwhlR2eug-IQ1; domain=.screencast.com; path=/; HttpOnly
Date: Mon, 16 Sep 2019 14:54:47 GMT
Set-Cookie: visid_incap_1947674=WBqli/MXTqKvcKEswKaPbjeif10AAAAAQUIPAAAAAAAYxgWmx8BXrCpt3JEv+Rrp; expires=Tue, 15 Sep 2020 08:44:51 GMT; path=/; Domain=.screencast.com
Set-Cookie: nlbi_1947674=RGFOWTuL2i3svOmoa3/UOgAAAACqa4ueDZb1XSF9dZlDzumf; path=/; Domain=.screencast.com
Set-Cookie: incap_ses_982_1947674=bhJsVfFWPDzOfCWjncSgDTeif10AAAAA+o9v+UawwsmJ5hz+lhUyKA==; path=/; Domain=.screencast.com
X-Iinfo: 5-31875401-31875402 NNNN CT(101 217 0) RT(1568645687055 23) q(0 0 3 0) r(7 8) U5
X-CDN: Incapsula
Transfer-Encoding: chunked
Missing Headers
Content-Security-Policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
Feature-Policy: Feature Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Upcoming Headers
Expect-CT: Expect-CT allows a site to determine if they are ready for the upcoming Chrome requirements and/or enforce their CT policy.
Additional Information
Server: This Server header seems to advertise the software being run on the server but you can remove or change this value.
Strict-Transport-Security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
X-Content-Type-Options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
Referrer-Policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
X-XSS-Protection: X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead.
Content-Security-Policy-Report-Only: Content Security Policy Report Only is used to test a Content Security Policy before making it live. The browser will report on actions that would have been taken based on the policy.
Set-Cookie: The 'secure' flag is not set on this cookie. There is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
X-Frame-Options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
Set-Cookie: The 'secure' flag is not set on this cookie. There is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
Set-Cookie: The 'secure' flag is not set on this cookie. There is no Cookie Prefix on this cookie. This is not a SameSite Cookie.