- Scan ID:
- f1de9f49-eee4-418d-a771-5a9bb29ef9fdFinished
- Submitted URL:
- https://rdrama.net/comment/7225340#contextRedirected
- Report Finished:
Risks · 0 found
Practices that may pose security risks
Security Headers · 6 found
HTTP response headers that can harden the security of a web application
Learn more...| Name | Value | Support | Info |
|---|---|---|---|
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload | Good | Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more... |
| X-Frame-Options | deny | Good | Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more... |
| X-Content-Type-Options | nosniff | Good | Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more... |
| Content-Security-Policy | default-src 'none'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; worker-src 'self'; base-uri 'self'; font-src 'self' files.catbox.moe fonts.gstatic.com; style-src-elem 'self' rdrama.net watchpeopledie.tv; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src-elem 'self' challenges.cloudflare.com static.cloudflareinsights.com; script-src-attr 'none'; script-src 'self' challenges.cloudflare.com static.cloudflareinsights.com; frame-src www.teamblind.com www.tiktok.com www.instagram.com embed.reddit.com substack.com *.substack.com challenges.cloudflare.com cdpn.io platform.twitter.com rumble.com player.twitch.tv; connect-src 'self' submit.watchpeopledie.tv; img-src i.imgur.com media0.giphy.com media4.giphy.com external-preview.redd.it i.rdrama.net watchpeopledie.tv media1.giphy.com files.catbox.moe uploads.kiwifarms.st media.giphy.com i.redd.it 64.media.tumblr.com i.kym-cdn.com pbs.twimg.com media1.tenor.com media.tenor.com i.postimg.cc i.giphy.com preview.redd.it media3.giphy.com cdn.bsky.app i.ytimg.com kiwifarms.hk pomf2.lain.la 66.media.tumblr.com uploads.kiwifarms.net media2.giphy.com dragcave.net marsey.world i.watchpeopledie.tv i.pinimg.com kiwifarms.st videos2.watchpeopledie.tv live.staticflickr.com 37.media.tumblr.com v.redd.it rdrama.net i.imgur.io substackcdn.com 78.media.tumblr.com kiwifarms.net thumbs.gfycat.com videos.watchpeopledie.tv staging.rdrama.net c.tenor.com upload.wikimedia.org uploads.kiwifarms.hk data:; media-src *.googlevideo.com archive.org *.archive.org litter.catbox.moe i.imgur.com media0.giphy.com media4.giphy.com external-preview.redd.it i.rdrama.net watchpeopledie.tv media1.giphy.com files.catbox.moe uploads.kiwifarms.st media.giphy.com i.redd.it 64.media.tumblr.com i.kym-cdn.com pbs.twimg.com media1.tenor.com media.tenor.com i.postimg.cc i.giphy.com preview.redd.it media3.giphy.com cdn.bsky.app i.ytimg.com kiwifarms.hk pomf2.lain.la 66.media.tumblr.com uploads.kiwifarms.net media2.giphy.com dragcave.net marsey.world i.watchpeopledie.tv i.pinimg.com kiwifarms.st videos2.watchpeopledie.tv live.staticflickr.com 37.media.tumblr.com v.redd.it rdrama.net i.imgur.io substackcdn.com 78.media.tumblr.com kiwifarms.net thumbs.gfycat.com videos.watchpeopledie.tv staging.rdrama.net c.tenor.com upload.wikimedia.org uploads.kiwifarms.hk; upgrade-insecure-requests; | Good | Control resources the user agent is allowed to load for a given page. Click to learn more... |
| Referrer-Policy | same-origin | Good | Control how much referrer information should be included with requests. Click to learn more... |
| Clear-Site-Data | — | Good | Control the data stored by a client browser for their origins. Click to learn more... |
| X-Permitted-Cross-Domain-Policies | — | Good | Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more... |
| Permissions-Policy | — | New | Allow and deny the use of browser features in a document or iframe. Click to learn more... |
| Cross-Origin-Embedder-Policy | — | New | Configure embedding cross-origin resources into the document. Click to learn more... |
| Cross-Origin-Opener-Policy | same-origin | New | Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more... |
| Cross-Origin-Resource-Policy | — | New | Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more... |
| X-XSS-Protection | — | Deprecated | Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more... |
| Feature-Policy | — | Deprecated | Deprecated. Replaced by the Permissions-Policy header. Click to learn more... |
| Expect-CT | — | Deprecated | Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more... |
| Public-Key-Pins | — | Deprecated | Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more... |
Security Violations · 0 found
Requests or resources offending security policies
Certificates · 3 found
SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification
| Subject | Issue date | Expiry date |
|---|---|---|
| rdrama.net | Dec 30, 2023, 00:00:00 | Dec 29, 2024, 23:59:59 |
| cloudflareinsights.com | Sep 3, 2024, 08:38:23 | Dec 2, 2024, 08:38:22 |
| challenges.cloudflare.com | Sep 5, 2024, 16:26:55 | Dec 4, 2024, 17:26:54 |