- Scan ID:
- 0423acaf-5fe7-42da-a7a7-bbd81e22971dFinished
- Submitted URL:
- https://slashdot.org/
- Report Finished:
Risks · 0 found
Practices that may pose security risks
Security Headers · 5 found
HTTP response headers that can harden the security of a web application
Learn more...| Name | Value | Support | Info |
|---|---|---|---|
| Strict-Transport-Security | max-age=31536000 | Good | Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more... |
| X-Frame-Options | SAMEORIGIN | Good | Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more... |
| X-Content-Type-Options | — | Good | Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more... |
| Content-Security-Policy | frame-ancestors 'self'; upgrade-insecure-requests; form-action 'self' slashdot.org slashdot.us15.list-manage.com; frame-src 'self' slashdot.org *.lijit.com *.btloader.com http://*.pro-market.net *.crsspxl.com *.google.com *.googlesyndication.com *.safeframe.usercontent.goog *.doubleclick.net *.googleadservices.com *.adtrafficquality.google console.googletagservices.com challenges.cloudflare.com *.recaptcha.net recaptcha.net *.adnxs.com *.indexww.com *.rubiconproject.com *.pubmatic.com *.smartadserver.com *.tapad.com http://*.youtube.com http://*.youtube-nocookie.com slashdotmedia.com error-report.com *.error-report.com html-load.com *.html-load.com *.fb.html-load.com content-loader.com *.content-loader.com *.fb.content-loader.com; object-src http://*.youtube.com; script-src 'self' slashdot.org *.slashdot.org slashdot.org *.slashdotmedia.com a.fsdn.com challenges.cloudflare.com *.lijit.com *.moatads.com *.adsafeprotected.com *.sharethrough.com *.2mdn.net *.adnxs.com *.jobbio.com *.script.ac *.defybrick.com *.aniview.com *.vidazoo.com *.pubmatic.com chimpstatic.com *.mailchimp.com mc.us15.list-manage.com ml314.com *.stack-sonar.com *.licdn.com translate.googleapis.com *.doubleclick.net *.googleadservices.com *.adtrafficquality.google translate.google.cn *.gstatic.cn *.google.com *.ampproject.org *.consentmanager.net *.microsofttranslator.com *.gstatic.com *.googletagservices.com *.recaptcha.net recaptcha.net *.google-analytics.com *.googlesyndication.com *.cloudflareinsights.com d3tglifpd8whs6.cloudfront.net rpxnow.com btloader.com *.crsspxl.com http://*.pro-market.net *.4dex.io *.adnxs-simple.com *.s-onetag.com *.rubiconproject.com *.trustarc.com *.truste.com *.doubleverify.com *.tapad.com *.pghub.io pghub.io *.sharethru.com j.6sc.co html-load.com *.html-load.com *.fb.html-load.com content-loader.com *.content-loader.com *.fb.content-loader.com blob: adservice.google.ad adservice.google.ae adservice.google.at adservice.google.be adservice.google.bg adservice.google.ca adservice.google.ch adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.kr adservice.google.co.th adservice.google.co.uk adservice.google.co.zw adservice.google.com.au adservice.google.com.bo adservice.google.com.hk adservice.google.com.mx adservice.google.com.ph adservice.google.com.pk adservice.google.com.sa adservice.google.com.sg adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.hu adservice.google.ie adservice.google.it adservice.google.li adservice.google.lu adservice.google.mu adservice.google.mv adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.se adservice.google.sk adservice.google.com.br adservice.google.com.ar adservice.google.cl adservice.google.com.co adservice.google.com.cu adservice.google.com.cy adservice.google.es adservice.google.hr adservice.google.im adservice.google.lk adservice.google.me adservice.google.mg adservice.google.com.mm adservice.google.com.ng adservice.google.com.np adservice.google.com.pr adservice.google.com.uy adservice.google.co.za adservice.google.jo adservice.google.bs adservice.google.al adservice.google.co.tz adservice.google.rw adservice.google.hn adservice.google.lt adservice.google.iq adservice.google.si adservice.google.bj adservice.google.co.ao adservice.google.com.gh adservice.google.kz adservice.google.com.eg adservice.google.com.ec adservice.google.co.ve adservice.google.com.py adservice.google.lv adservice.google.mn adservice.google.com.bn adservice.google.tn adservice.google.ml adservice.google.is adservice.google.com.sv adservice.google.com.bz adservice.google.az adservice.google.gt adservice.google.sn adservice.google.cm adservice.google.com.kh adservice.google.ge adservice.google.com.et adservice.google.com.pe adservice.google.com.ly adservice.google.co.mz adservice.google.com.bh adservice.google.com.mt adservice.google.ps adservice.google.so adservice.google.bf adservice.google.co.nz adservice.google.com.gt adservice.google.co.zm adservice.google.je adservice.google.cv adservice.google.la adservice.google.bi adservice.google.com.jm adservice.google.tt adservice.google.com.kw adservice.google.cd adservice.google.gy adservice.google.tg adservice.google.com.af adservice.google.com.lb adservice.google.sr adservice.google.com.ni adservice.google.ki adservice.google.com.na adservice.google.ht adservice.google.nr adservice.google.td adservice.google.co.ls adservice.google.gl adservice.google.bt adservice.google.tm adservice.google.com.vc adservice.google.co.bw adservice.google.vg adservice.google.as adservice.google.cg adservice.google.com.ag adservice.google.com.tj adservice.google.dm adservice.google.to adservice.google.dj adservice.google.cf adservice.google.ws adservice.google.st adservice.google.gm adservice.google.fm adservice.google.com.sb adservice.google.com.pg adservice.google.com.gi adservice.google.com.ai adservice.google.co.ck adservice.google.ru adservice.google.nu adservice.google.com.my adservice.google.com.bd adservice.google.ci adservice.google.co.cr adservice.google.co.ke adservice.google.co.ug adservice.google.co.uz adservice.google.co.vi adservice.google.ms adservice.google.com.fj adservice.google.com.om adservice.google.com.pa adservice.google.com.qa adservice.google.ga adservice.google.gg adservice.google.kg adservice.google.md adservice.google.mk adservice.google.mw adservice.google.ne adservice.google.sm adservice.google.tl adservice.google.sc adservice.google.vu 'unsafe-inline' 'unsafe-eval'; report-uri https://sourceforge.report-uri.com/r/d/csp/enforce | Good | Control resources the user agent is allowed to load for a given page. Click to learn more... |
| Referrer-Policy | — | Good | Control how much referrer information should be included with requests. Click to learn more... |
| Clear-Site-Data | — | Good | Control the data stored by a client browser for their origins. Click to learn more... |
| X-Permitted-Cross-Domain-Policies | — | Good | Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more... |
| Permissions-Policy | geolocation=(); microphone=(); camera=(); payment=(); document-domain=(); display-capture=(); autoplay=() | New | Allow and deny the use of browser features in a document or iframe. Click to learn more... |
| Cross-Origin-Embedder-Policy | — | New | Configure embedding cross-origin resources into the document. Click to learn more... |
| Cross-Origin-Opener-Policy | — | New | Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more... |
| Cross-Origin-Resource-Policy | — | New | Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more... |
| X-XSS-Protection | — | Deprecated | Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more... |
| Feature-Policy | geolocation 'none'; microphone 'none'; camera 'none'; payment 'none'; document-domain 'none'; display-capture 'none'; autoplay 'none' | Deprecated | Deprecated. Replaced by the Permissions-Policy header. Click to learn more... |
| Expect-CT | — | Deprecated | Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more... |
| Public-Key-Pins | — | Deprecated | Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more... |
Security Violations · 0 found
Requests or resources offending security policies
Certificates · 7 found
SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification
| Subject | Issue date | Expiry date |
|---|---|---|
| slashdot.org | Mar 8, 2024, 00:00:00 | Dec 31, 2024, 23:59:59 |
| fsdn.com | Jan 18, 2024, 00:00:00 | Dec 31, 2024, 23:59:59 |
| *.cloudfront.net | Jul 30, 2024, 00:00:00 | Jul 3, 2025, 23:59:59 |
| d.delivery.consentmanager.net | Oct 10, 2024, 23:37:14 | Jan 8, 2025, 23:37:13 |
| 1376624012.rsc.cdn77.org | Nov 14, 2024, 20:51:38 | Feb 12, 2025, 20:51:37 |
| c.delivery.consentmanager.net | Oct 10, 2024, 23:37:05 | Jan 8, 2025, 23:37:04 |
| sourceforge.net | Feb 4, 2024, 00:00:00 | Dec 31, 2024, 23:59:59 |