https://luminatinet.com/

Scan ID:: ff142c8b-84d0-4f34-ade5-787b195e322aFinished
Submitted URL:: https://luminatinet.com
Report Finished:: Oct 9, 2024, 12:26:28

Risks · 0 found

Practices that may pose security risks

Security Headers · 1 found

HTTP response headers that can harden the security of a web application

Name	Value	Support	Info
Strict-Transport-Security	—	Good	Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more...
X-Frame-Options	—	Good	Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more...
X-Content-Type-Options	—	Good	Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more...
Content-Security-Policy	default-src 'self' https://brightdata.com wss://nexus-websocket-a.intercom.io api.openai.com wss://widget-mediator.zopim.com 'unsafe-inline' 'unsafe-eval' www.comeet.co data: .googleapis.com .googletagmanager.com .google-analytics.com www.googleadservices.com .googlesyndication.com www.pagespeed-mod.com assets.calendly.com calendly.com .doubleclick.net http://ad.doubleclick.net .youtube.com i.ytimg.com .vwo.com .visualwebsiteoptimizer.com widget.trustpilot.com .zdassets.com brightdata.zendesk.com assets.brightdata.com .userway.org cdn.mxpnl.com .mxpnl.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com .thesmilingelbows.com .bing.com .clarity.ms widget.intercom.io .linkedin.com px.ads.linkedin.com js.intercomcdn.com api-iam.intercom.io .hubspot.com hubspot-forms-static-embed.s3.amazonaws.com api-js.mixpanel.com .hsforms.net .hsforms.com .oribi.io .gravatar.com cdn.jsdelivr.net cdnjs.cloudflare.com ajax.cloudflare.com code.jquery.com unpkg.com snap.licdn.com .yandex.ru .yandex.net .yandex.com .yandex.md .yandex.by .netstar-inc.com .gstatic.com yastatic.net cdn.datatables.net .redditstatic.com .6sc.co .quora.com widget-mediator.zopim.com .google.com .google.ad .google.ae .google.com.tr .google.co.il .google.co.cr .google.ca .google.com.ua .google.es .google.co.in .google.com.sg .google.com.np .google.com.mt .google.de .google.com.bd .google.co.id .google.it .google.co.uk .google.co.th .google.co.kr .google.fr .google.co.za .google.com.my .google.com.co .google.co.ve .google.com.sa .google.pt .google.be .google.cz .google.co.ma .google.com.br .google.com.cy .google.co.jp .google.com.vn .google.com.tw .google.ro .google.co.ke .google.com.ng .google.hu .google.pl .google.ie .google.nl .google.se .google.com.do .google.com.mx .google.co.mz .google.at .google.com.ph .google.ge .google.com.au .google.dz .google.ch .google.rs .google.cn .google.la .google.by .google.com.gt .google.tn .google.cl .google.com.py .google.ge .google.com.ar .google.lk .google.com.kh .google.ru .google.com.mm .google.az .google.com.hk .google.kz .google.com.gh .google.am .google.me .google.com.et .google.no .google.md .google.com.pk .google.bj .google.com.af .google.hr .google.co.uz .google.com.pa .google.com.sv .google.cm .google.bg .google.sk .google.com.pr .google.com.eg .google.lu .google.al .google.si .google.com.jm .google.iq .google.lu .google.com.pe .google.com.ec .google.com.bo .google.kg .google.mu .google.sn .google.rw .google.co.ug .google.gr .google.fi .google.mk .google.com.lb .google.ee .google.jo .google.ba .google.com.sv .google.ps .google.com.fj .google.co.ao .google.com.gi .google.com.qa .google.tt .google.gy .google.lt .google.com.sv .google.mg .google.tm .google.gm .google.so .google.cz .google.co.tz .google.com.uy .google.bf .google.vg .google.com.cu .google.sm .google.com.bn .google.hn .google.ci .google.com.na .google.co.ls .google.dk .google.co.nz .google.ht .google.cv .google.ne .google.mv google.com.sb google.is google.com.ly google.com.kw google.co.vi google.je google.sc google.cd google.mg google.cg google.lv google.tg google.bt google.vu google.dz google.com.pg google.ht google.com.ni google.co.id google.com.uy google.mn google.bs google.tj google.co.uk google.com.sl google.com.bz google.ml google.com.ph google.co.in google.tm google.ms google.com.tj .comeet.com .reddit.com .ipqualityscore.com .debugbear.com js.usemessages.com; frame-ancestors 'self'; worker-src blob: 'self'; report-uri https://brightdata.com/web_api/report_csp	Good	Control resources the user agent is allowed to load for a given page. Click to learn more...
Referrer-Policy	—	Good	Control how much referrer information should be included with requests. Click to learn more...
Clear-Site-Data	—	Good	Control the data stored by a client browser for their origins. Click to learn more...
X-Permitted-Cross-Domain-Policies	—	Good	Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more...
Permissions-Policy	—	New	Allow and deny the use of browser features in a document or iframe. Click to learn more...
Cross-Origin-Embedder-Policy	—	New	Configure embedding cross-origin resources into the document. Click to learn more...
Cross-Origin-Opener-Policy	—	New	Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more...
Cross-Origin-Resource-Policy	—	New	Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more...
X-XSS-Protection	—	Deprecated	Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more...
Feature-Policy	—	Deprecated	Deprecated. Replaced by the Permissions-Policy header. Click to learn more...
Expect-CT	—	Deprecated	Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more...
Public-Key-Pins	—	Deprecated	Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more...

Security Violations · 1 found

Requests or resources offending security policies

Violation	Type	Info
Resource https://luminatinet.com/ Description Refused to load the image 'https://luminati.io/favicon.ico?utm_referer=https%253A%252F%252Fluminatinet.com%252F' because it violates the following Content Security Policy directive: "default-src 'self' https://brightdata.com wss://nexus-websocket-a.intercom.io api.openai.com wss://widget-mediator.zopim.com 'unsafe-inline' 'unsafe-eval' www.comeet.co data: .googleapis.com .googletagmanager.com .google-analytics.com www.googleadservices.com .googlesyndication.com www.pagespeed-mod.com assets.calendly.com calendly.com .doubleclick.net http://ad.doubleclick.net .youtube.com i.ytimg.com .vwo.com .visualwebsiteoptimizer.com widget.trustpilot.com .zdassets.com brightdata.zendesk.com assets.brightdata.com .userway.org cdn.mxpnl.com .mxpnl.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com .thesmilingelbows.com .bing.com .clarity.ms widget.intercom.io .linkedin.com px.ads.linkedin.com js.intercomcdn.com api-iam.intercom.io .hubspot.com hubspot-forms-static-embed.s3.amazonaws.com api-js.mixpanel.com .hsforms.net .hsforms.com .oribi.io .gravatar.com cdn.jsdelivr.net cdnjs.cloudflare.com ajax.cloudflare.com code.jquery.com unpkg.com snap.licdn.com .yandex.ru .yandex.net .yandex.com .yandex.md .yandex.by .netstar-inc.com .gstatic.com yastatic.net cdn.datatables.net .redditstatic.com .6sc.co .quora.com widget-mediator.zopim.com .google.com .google.ad .google.ae .google.com.tr .google.co.il .google.co.cr .google.ca .google.com.ua .google.es .google.co.in .google.com.sg .google.com.np .google.com.mt .google.de .google.com.bd .google.co.id .google.it .google.co.uk .google.co.th .google.co.kr .google.fr .google.co.za .google.com.my .google.com.co .google.co.ve .google.com.sa .google.pt .google.be .google.cz .google.co.ma .google.com.br .google.com.cy .google.co.jp .google.com.vn .google.com.tw .google.ro .google.co.ke .google.com.ng .google.hu .google.pl .google.ie .google.nl .google.se .google.com.do .google.com.mx .google.co.mz .google.at .google.com.ph .google.ge .google.com.au .google.dz .google.ch .google.rs .google.cn .google.la .google.by .google.com.gt .google.tn .google.cl .google.com.py .google.ge .google.com.ar .google.lk .google.com.kh .google.ru .google.com.mm .google.az .google.com.hk .google.kz .google.com.gh .google.am .google.me .google.com.et .google.no .google.md .google.com.pk .google.bj .google.com.af .google.hr .google.co.uz .google.com.pa .google.com.sv .google.cm .google.bg .google.sk .google.com.pr .google.com.eg .google.lu .google.al .google.si .google.com.jm .google.iq .google.lu .google.com.pe .google.com.ec .google.com.bo .google.kg .google.mu .google.sn .google.rw .google.co.ug .google.gr .google.fi .google.mk .google.com.lb .google.ee .google.jo .google.ba .google.com.sv .google.ps .google.com.fj .google.co.ao .google.com.gi .google.com.qa .google.tt .google.gy .google.lt .google.com.sv .google.mg .google.tm .google.gm .google.so .google.cz .google.co.tz .google.com.uy .google.bf .google.vg .google.com.cu .google.sm .google.com.bn .google.hn .google.ci .google.com.na .google.co.ls .google.dk .google.co.nz .google.ht .google.cv .google.ne .google.mv google.com.sb google.is google.com.ly google.com.kw google.co.vi google.je google.sc google.cd google.mg google.cg google.lv google.tg google.bt google.vu google.dz google.com.pg google.ht google.com.ni google.co.id google.com.uy google.mn google.bs google.tj google.co.uk google.com.sl google.com.bz google.ml google.com.ph google.co.in google.tm google.ms google.com.tj .comeet.com .reddit.com .ipqualityscore.com .debugbear.com js.usemessages.com". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.	Content Security Policy	Control resources the user agent is allowed to load for a given page. Click to learn more...

Certificates · 2 found

SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification

Subject	Issue date	Expiry date
*.luminatinet.com	Jul 16, 2024, 00:00:00	Jul 26, 2025, 23:59:59
brightdata.com	Sep 6, 2024, 14:04:18	Dec 5, 2024, 14:04:17