Your connection isn’t private - privacy error flagged for htxps://91.213.203.142/report.php?id=1415392522226
Certification error for netquery dot com result.
Security headers for this:

| Result | Category | Name | Actual Value | Our Recommendation |
|---|---|---|---|---|
| Missing | Framing | X-Frame-Options | | Use ‘sameorigin’ |
| Missing | Transport | Strict-Transport-Security | | Use ‘max-age=31536000; includeSubDomains’ |
| Missing | Content | X-Content-Type-Options | | Use ‘nosniff’ |
| Warning | Content | Content-Type | text/html | Use ‘text/html;charset=utf-8’ |
| Missing | XSS | X-XSS-Protection | | Use ‘1; mode=block’ |
| Warning | Cookies | Set-Cookie | PHPSESSID=ggd49a0n68…0h0l1sp1lhp2; path=/ | Add ‘secure; httponly;’ |
| Correct | Caching | Cache-Control | no-store, no-cache, …check=0, pre-check=0 | Use ‘no-cache, no-store, must-revalidate’ |
| Correct | Caching | Pragma | no-cache | Use ‘no-cache’ |
| Correct | Caching | Expires | Thu, 19 Nov 1981 08:52:00 GMT | Use ‘-1’. Currently, expiration is current time minus -1040997630 seconds. |
| Missing | Access Control | X-Permitted-Cross-Domain-Policies | | Use ‘master-only’ |
| Missing | Content Security Policy | Content-Security-Policy | | Try Content-Security-Policy-Report-Only to start. Include default-src ‘self’, avoid ‘unsafe-inline’ and ‘unsafe-eval’ |
| Warning | Server Information | Server | Apache/2.2.22 (Ubuntu) | Avoid version numbers |
| Warning | Server Information | X-Powered-By | PHP/5.4.6-1ubuntu1.8 | Avoid header |
| Warning | Date | Date | Fri, 14 Nov 2014 22:47:43 GMT | Check server time, you’re off by -287 seconds. |
See vuln.: http://www.domxssscanner.com/scan?url=http%3A%2F%2F91.213.203.142
e.g. Results from scanning URL: htxp://91.213.203.142/javascript/jquery-ui-1.9.2.custom.min.js twice
Number of sources found: 117
Number of sinks found: 92
Not found:
Apache/2.2.22 (Ubuntu) Server at 91.213.203.142 Port 80 *
error: undefined variable jQuery
error: undefined variable e.ui
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var e.ui = 1;
error: line:1: …^
- See what became fixed above version 2.2.22 → http://httpd.apache.org/security/vulnerabilities_22.html
A large class of potential XSS vulnerabilities in GWT applications arises from the use of methods that cause the browser to evaluate their argument as HTML.
pol