Security Report Summary
F
Site: | http://vizr.ru/ |
---|---|
IP Address: | 185.221.152.120 |
Report Time: | 28 Mar 2024 10:48:41 UTC |
Warning: | Grade capped at A, please see warnings below. |
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
X-Frame-Options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN". |
X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Warnings
Site is using HTTP | This site was served over HTTP and did not redirect to HTTPS. |
---|---|
Raw Headers
HTTP/1.1 | 200 OK |
---|---|
Server | nginx/1.14.1 |
Date | Thu, 28 Mar 2024 10:48:41 GMT |
Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
X-Powered-By | PHP/5.4.16 |
Set-Cookie | ci_session=wJ82eNxY0D6VtmOVfYDKSqEBRpQMKA8CVlEF5Ison4PEwNygaN8L1vVOZNWEejSOIsFGhpqPZOA0j8%2Fl45eH5nx%2Frhupasg8ev4Mjnf6vff26eS7af2rod6MORikymwDdT7VRSgfAEdyBiGICBxgPMnlQpcpsceS2pXQCyHJTDPaNbzFm%2FMEJyuvpWdS8yzFZb%2BQ6pidqAE62VBYlRkcuifZe8ezdn0O4eeP06p8fzRiElBsUaMPJpCgkcTmSrwFzXVW0hbScL1wf79YV%2BNru4G5ue1Vsn8%2BidOoVIHvQMoFywENg9nbZhW9bIOG6nM9nBUiyRm6YkW%2FebX9DDpIMFShjvP2dh3wu9O54r0170VMU69ztdK97xe%2Bn4kuJOuYdVZh3XMkZLbNADz3PG7iLWZqR8qvGj12pGi5vo7hD20pvg22RnZFCg3mD6yxiwwoUBM8Yjs%2F05%2BERyt%2BYWxH1g%3D%3D; expires=Sat, 28-Mar-2026 10:48:41 GMT; path=/ |
Set-Cookie | ci_session=dWe2P6ZHaWTUPcaaE3GdsP5WdejnfTe2pUQGMiPwYnDKPrczzvgVmgrp%2F5odtktZzd4jjdQC%2FmpwPTJHMbZ8uKU%2BSKx0vcF1WXVqBpdVt9sf36t3khnYUlLq7cuMZ6WuGLqdOMysneWwQQqAzFEWTyVyZJIN7oY2ChGGDv%2Fw%2BRzyzmgKiel36mbWqgyPt88erJdz8QpMfDjHiD9DB2defpi0lWkhNj9i9eacS%2FUcIrkS8W7OruHSbZ9J1n3wvVzlvcseBLyGiSz346qPaBNJ3m%2BYjJc%2FsRFmXWhQLbfjgwq0tgtPNKqsUE9Ru%2BkpsfABB11D%2BJWGeUQyGGZx892GJf%2F0O2Otm%2Bha7%2FizJHx4hfJBsD1XSZpRzNH3Hj4U6fHEa8kObD08OzWlhDq3DPhBvdQhRn89CM9iznO3JRumNUZuvugPsxJZkLbtVbhF%2FgP1TZaYKVYwVOVy7iGZg6aTnz1PEm4QGX4VO3KOqQqog1WSHpQfZvFiemOPJ20O7zbIgIZBmp6faA%2BX0za6T6Uipjz%2FxG0TuV%2BoXIghQ3Uqiuc%3D; expires=Sat, 28-Mar-2026 10:48:41 GMT; path=/ |
Set-Cookie | ci_session=sV%2FeOeuo4%2BJryK0JX9Co98hw6kuknWwe6iNGw7Q%2B8LLcrnLVtx%2FfSF13c2T%2FQUK%2BWK%2Figgrw6czqyhn2m34e8unS%2BIdFIcS1hqqeja2k0VPcBosHoGcUw74EM%2Bta7%2B%2FMI%2FzGc2Qn2GeatP5zgPbGBlCzTw3ZwDstO9B95qSoE%2BWK0l7UVj1z5tZL2qC6C8iEcjdnOcFX7rh53C2h5SyNMOtfjCrZgfKQhD74uRJi%2FkEBcPNOCM1I%2BcZLf22ce9kY4ZamZLvKdP%2F%2FCUt3PIL8aZSieXZFMjZ3azcHBzMG%2BWUVmYmjto3QUIydsjOMY%2FLxCyawOAgGnyNK7LHiFz12JmA7oeDBrboM2zYye44y4ePLX1KgV%2FoLYm8v6H3vHdst3ubvQ90SXdeAsNRbof2uu0j%2BXtiF%2BNGAo9cpM3RwB4e5otPicZuUabPsimuX%2F%2BDMmfisMUBy6L9cuCldBXozJQIlUBIJqgqhn8p0yZ%2BgJfcv3o6pLSqJNhMlbQUtc9qOTKB7N5hQws4RYefPWTJKCRb8NBafJInhIvfZ7oV8lE0%3D; expires=Sat, 28-Mar-2026 10:48:41 GMT; path=/ |
Cache-Control | max-age=0 |
Expires | Thu, 28 Mar 2024 10:48:41 GMT |
Content-Encoding | gzip |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
Server | This Server header seems to advertise the software being run on the server but you can remove or change this value. |
---|---|
X-Powered-By | X-Powered-By can usually be seen with values like "PHP/5.5.9-1ubuntu4.5" or "ASP.NET". Trying to minimise the amount of information you give out about your server is a good idea. This header should be removed or the value changed. |
Set-Cookie | The 'httpOnly' flag is not set on this cookie. This is not a SameSite Cookie. |
Set-Cookie | The 'httpOnly' flag is not set on this cookie. This is not a SameSite Cookie. |
Set-Cookie | The 'httpOnly' flag is not set on this cookie. This is not a SameSite Cookie. |