PDF Report of Website Security monitoring
accidentes247.com
Scanning modules
Infected files 0
Security.txt -5
Errors encountered: security.txt does not contain Contact field over http. security.txt is not text/plain over http. No redirection to HTTPs.
content-security-policy 0
Header is present
content-security-policy 0
default-src is not found
content-security-policy 0
strict-dynamic is missing
content-security-policy 0
'unsafe-inline' is missing
content-security-policy -2
'nonce' is missing
content-security-policy 0
'object-src' has reliable sources
content-security-policy 0
content-security-policy content-security-policy -2
'report-uri'/'report-to' is missing
'script-src' is missing, but 'default-src' is present
0
'require-trusted-types-for' is missing
13 Apr 23 19:06
PDF Report of Website Secure monitoring
HTTP Security Headers and Content Security Policy Scoring
access-control-allow-origin -3
Header is missing or wrongly configured
strict-transport-security 0
Header is present and valid
x-frame-options -3
Header value is ALLOWALL, missing or wrongly configured
x-xss-protection 0
Header is present and valid
Security recommendations
We recommend closing these ports to protect your server from exploits
Disable non-safe method to avoid attacks on your server
Use securitytxt.org service to generate and place valid security.txt file on your server
Set default-src to 'none' or 'self' to be protected against injection attacks
Setting 'strict-dynamic' and 'nonce' will prevent the execution of malicious scripts
Carefully check all the external sources to avoid injection attacks
Set 'report-uri'/'report-to' attribute to monitor the CSP violations
Set require-trusted-types-for to protect your website from DOM XSS attacks
Set directives of feature-policy to 'none' to deny the use of browser features
Set the value of the header to determine whether or not the resource can be accessed by content operating within the current origin
It is recommended to set the value of the header to either 'DENY' or 'SAMEORIGIN' to avoid click-jacking attacks