See: http://killmalware.com/cash-box.pl/#
Not safe: https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=cash-box.pl
Insecure: https://observatory.mozilla.org/analyze.html?host=www.cash-box.pl

script-src [missing]
script-src directive is missing.
expand_more

errorobject-src [missing]
Missing object-src allows the injection of plugins which can execute JavaScript. Can you set it to ‘none’?
expand_more

In: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.cash-box.pl%2F

And 1 issue here: Scripts 1 issues
Tag Result

polonus