https://theandrewbailey.com/article/280/World-of-Goo-2

Submitted URL:
https://theandrewbailey.com/article/280/World-of-Goo-2
Report Finished:
  • No classification
NameValueSupportInfo
Strict-Transport-Securitymax-age=16000000; includeSubDomainsGoodDeclare that a website is only accessible over a secure connection (HTTPS).

Click to learn more...
X-Frame-OptionsGoodIndicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>.

Click to learn more...
X-Content-Type-OptionsnosniffGoodIndicate that the MIME types advertised in the Content-Type headers should be followed and not be changed.

Click to learn more...
Content-Security-Policydefault-src 'self'; img-src 'self' data:; font-src data:; object-src 'none'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; upgrade-insecure-requests; script-src 'nonce-c738aa63-3e7d-4758-b6c2-37b682ed9389'; style-src 'self'; report-uri https://theandrewbailey.com/report; GoodControl resources the user agent is allowed to load for a given page.

Click to learn more...
Referrer-Policystrict-origin-when-cross-originGoodControl how much referrer information should be included with requests.

Click to learn more...
Clear-Site-DataGoodControl the data stored by a client browser for their origins.

Click to learn more...
X-Permitted-Cross-Domain-PoliciesGoodControl whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains.

Click to learn more...
Permissions-Policybluetooth=(); ch-device-memory=(); ch-downlink=(); ch-dpr=(); ch-ect=(); ch-prefers-color-scheme=(); ch-prefers-reduced-motion=(); ch-prefers-reduced-transparency=(); ch-rtt=(); ch-save-data=(); ch-ua=(); ch-ua-arch=(); ch-ua-bitness=(); ch-ua-form-factors=(); ch-ua-full-version=(); ch-ua-full-version-list=(); ch-ua-mobile=(); ch-ua-model=(); ch-ua-platform=(); ch-ua-platform-version=(); ch-ua-wow64=(); ch-viewport-height=(); ch-viewport-width=(); ch-width=(); clipboard-read=(); clipboard-write=(); compute-pressure=(); cross-origin-isolated=(); display-capture=(); ethereum=(); gamepad=(); hid=(); identity-credentials-get=(); idle-detection=(); keyboard-map=(); local-fonts=(); publickey-credentials-create=(); publickey-credentials-get=(); screen-wake-lock=(); serial=(); solana=(); storage-access=(); unload=(); window-management=()NewAllow and deny the use of browser features in a document or iframe.

Click to learn more...
Cross-Origin-Embedder-PolicyNewConfigure embedding cross-origin resources into the document.

Click to learn more...
Cross-Origin-Opener-PolicyNewEnsure a top-level document does not share a browsing context group with cross-origin documents.

Click to learn more...
Cross-Origin-Resource-PolicyNewRequest that the browser blocks no-cors cross-origin/cross-site requests to the given resource.

Click to learn more...
X-XSS-ProtectionDeprecatedDeprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

Click to learn more...
Feature-Policygeolocation 'none'; midi 'none'; payment 'none'; camera 'none'; usb 'none'; fullscreen 'none'; magnetometer 'none'; picture-in-picture 'none'; accelerometer 'none'; autoplay 'none'; encrypted-media 'none'; gyroscope 'none'; xr-spatial-tracking 'none'; sync-xhr 'none'; microphone 'none'DeprecatedDeprecated. Replaced by the Permissions-Policy header.

Click to learn more...
Expect-CTDeprecatedDeprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements.

Click to learn more...
Public-Key-PinsDeprecatedDeprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.

Click to learn more...
  • None found
SubjectIssue dateExpiry date
theandrewbailey.comNov 11, 2024, 01:11:02Feb 9, 2025, 01:11:01