https://kurucard.negedet.com/

Scan ID:
727c526c-5a82-4c33-9e28-d0951c075e73Finished
Submitted URL:
https://kurucard.negedet.com/
Report Finished:

Risks · 0 found

Copy link

Practices that may pose security risks

  • No classification

Security Headers · 6 found

Copy link

HTTP response headers that can harden the security of a web application

Learn more...
NameValueSupportInfo
Strict-Transport-Securitymax-age=31536000; includeSubDomains; preloadGoodDeclare that a website is only accessible over a secure connection (HTTPS).

Click to learn more...
X-Frame-OptionsDENYGoodIndicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>.

Click to learn more...
X-Content-Type-OptionsnosniffGoodIndicate that the MIME types advertised in the Content-Type headers should be followed and not be changed.

Click to learn more...
Content-Security-Policydefault-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; frame-ancestors 'none'; GoodControl resources the user agent is allowed to load for a given page.

Click to learn more...
Referrer-Policyno-referrerGoodControl how much referrer information should be included with requests.

Click to learn more...
Clear-Site-Data—GoodControl the data stored by a client browser for their origins.

Click to learn more...
X-Permitted-Cross-Domain-Policies—GoodControl whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains.

Click to learn more...
Permissions-Policy—NewAllow and deny the use of browser features in a document or iframe.

Click to learn more...
Cross-Origin-Embedder-Policy—NewConfigure embedding cross-origin resources into the document.

Click to learn more...
Cross-Origin-Opener-Policy—NewEnsure a top-level document does not share a browsing context group with cross-origin documents.

Click to learn more...
Cross-Origin-Resource-Policy—NewRequest that the browser blocks no-cors cross-origin/cross-site requests to the given resource.

Click to learn more...
X-XSS-Protection1; mode=blockDeprecatedDeprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

Click to learn more...
Feature-Policy—DeprecatedDeprecated. Replaced by the Permissions-Policy header.

Click to learn more...
Expect-CT—DeprecatedDeprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements.

Click to learn more...
Public-Key-Pins—DeprecatedDeprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.

Click to learn more...

Security Violations · 20 found

Copy link

Requests or resources offending security policies

ViolationTypeInfo
Resource
https://kurucard.negedet.com/
Description
Refused to load the script 'https://cdn.tailwindcss.com/' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to load the script 'https://cdn.jsdelivr.net/npm/sweetalert2@11' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to load the script 'https://cdn.tailwindcss.com/' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-ZbaajnmvF4HZ5JlR0F+QzhOmJ9u5pAOM/Xwp4k/3Peg='), or a nonce ('nonce-...') is required to enable inline execution.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-6CtfFUu76iLq2NwJQN7UCYWiiOBYfmJz7Nkdv5yjoQc='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-c0qEE1IsAe1c0Z0jwpO6wvhLG+lfOBCPTYwV58f1PHk='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-X8Lw0BPekOKuCmQXiqZqHDfb0vemsn1+1eH+2pXbSys='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-6OKwgTCsDZ74fnTpoUj4wb5nLmlMdPDZjuGX2Jg3KEI='), or a nonce ('nonce-...') is required to enable inline execution.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-R1fgBZjz/e1mvpcUxuXkYomtBNbLX2tVXVbvpQfd6iw='), or a nonce ('nonce-...') is required to enable inline execution.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-Idqwcrhuno1sTa0vdIGYUmyS2JScsH0/jQmX9xaKQbU='), or a nonce ('nonce-...') is required to enable inline execution.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-20i0Ja+ISwFVa58x5kOPEFlHaup8bjGUMvtmOYAPB2w='), or a nonce ('nonce-...') is required to enable inline execution.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-rD6skRmoRisRr9aanDCsnC6zwGVHmalGxQUUSZeHdgA='), or a nonce ('nonce-...') is required to enable inline execution.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to load the stylesheet 'https://cdn.jsdelivr.net/npm/[email protected]/dist/tailwind.min.css' because it violates the following Content Security Policy directive: "style-src 'self'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to load the stylesheet 'https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css' because it violates the following Content Security Policy directive: "style-src 'self'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-W5v2utO8JzzXUB50LVjGJpddDXnxKmIX6fRNKWA+3hM='), or a nonce ('nonce-...') is required to enable inline execution.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to load the script 'https://cdn.tailwindcss.com/' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-L8/Xp1tSn++hcnOCbpdhUjCRODg/hh2qonn97npfuXc='), or a nonce ('nonce-...') is required to enable inline execution.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to load the script 'https://cdn.tailwindcss.com/' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-Mdo4O60qqsT1iRm3c4KCkLGXjUGu6hGpvcJLkP6mTSU='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://kurucard.negedet.com/
Description
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-t78axxTYJJzuz0ealuXbl2xLSo0CAq2iA6JM3IRq2Aw='), or a nonce ('nonce-...') is required to enable inline execution.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...

Certificates · 1 found

Copy link

SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification

SubjectIssue dateExpiry date
negedet.com