- Scan ID:
- ffb340a6-915e-4b28-8a43-8ed1dfb44f7cFinished
- Submitted URL:
- https://photos.pixlee.co/getDUH
- Report Finished:
Risks · 0 found
Practices that may pose security risks
Security Headers · 6 found
HTTP response headers that can harden the security of a web application
Learn more...| Name | Value | Support | Info |
|---|---|---|---|
| Strict-Transport-Security | max-age=31557600 | Good | Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more... |
| X-Frame-Options | — | Good | Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more... |
| X-Content-Type-Options | nosniff | Good | Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more... |
| Content-Security-Policy | default-src http: https:; script-src *.kube.pixlee.io *.dev.pixlee.com:9001 *.feedshop.net *.pxlecdn.com *.pixlee.gallery *.pixleeteam.com data: *.nanovisor.io http://photos.test localhost:8000 http://photos.pixlee.test *.pixlee.com *.pixlee.co *.pixlee.io https://cdn.ravenjs.com https://browser.sentry-cdn.com cdnjs.cloudflare.com https://*.cloudfront.net *.pusher.com *.pinterest.com *.googleapis.com https://api-ssl.bitly.com *.google-analytics.com graph.instagram.com connect.facebook.net googletagmanager.com pixlee.gallery https://*.tiktok.com https://*.ibytedtos.com https://*.byteoversea.com https://*.tiktokcdn.com https://*.ttwstatic.com https://*.tiktokcdn-us.com 'unsafe-inline' 'unsafe-eval' photos.pixlee.com; style-src *.kube.pixlee.io *.dev.pixlee.com:9001 *.pixleeteam.com http://photos.test localhost:8000 http://photos.pixlee.test *.pixlee.com *.pixlee.co *.pixlee.io *.pxlecdn.com https://cdnjs.cloudflare.com fonts.googleapis.com graph.instagram.com https://*.tiktok.com https://*.ibytedtos.com https://*.byteoversea.com https://*.tiktokcdn.com https://*.ttwstatic.com https://*.tiktokcdn-us.com 'unsafe-inline' photos.pixlee.com; font-src http: https: data:; img-src *.kube.pixlee.io *.pixleeteam.com android-webview-video-poster: *.pixlee.com *.pixlee.co *.pixlee.io *.pxlecdn.com http: https: data: blob:; connect-src *.kube.pixlee.io *.dev.pixlee.com:9001 *.feedshop.net *.pxlecdn.com *.pixlee.gallery *.pixleeteam.com *.nanovisor.io *.pixlee.com *.pixlee.co *.pixlee.io *.pixlee.test localhost:8000 distillery.test photos.test *.pixleeteam.com:9000 *.pixleeteam.com:9001 ws://*.pixlee.com wss://*.pixlee.com ws://*.pixlee.co wss://*.pixlee.co ws://*.pxlecdn.com wss://*.pxlecdn.com *.pusherapp.com ws://*.pusherapp.com wss://*.pusherapp.com https://api-ssl.bitly.com *.facebook.com pixlee-staging-distillery.herokuapp.com s3.amazonaws.com youtube.com sentry.io code.jquery.com *.googleapis.com pixlee-backstage-analytics.herokuapp.com https://*.tiktok.com https://*.ibytedtos.com https://*.byteoversea.com https://*.tiktokcdn.com https://*.ttwstatic.com https://*.tiktokcdn-us.com ws://localhost:3036 photos.pixlee.com; report-to csp; report-uri https://sentry.io/api/1227414/security/?sentry_key=a8d877c6035547e193eff7baa44c7501 | Good | Control resources the user agent is allowed to load for a given page. Click to learn more... |
| Referrer-Policy | strict-origin-when-cross-origin | Good | Control how much referrer information should be included with requests. Click to learn more... |
| Clear-Site-Data | — | Good | Control the data stored by a client browser for their origins. Click to learn more... |
| X-Permitted-Cross-Domain-Policies | none | Good | Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more... |
| Permissions-Policy | — | New | Allow and deny the use of browser features in a document or iframe. Click to learn more... |
| Cross-Origin-Embedder-Policy | — | New | Configure embedding cross-origin resources into the document. Click to learn more... |
| Cross-Origin-Opener-Policy | — | New | Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more... |
| Cross-Origin-Resource-Policy | — | New | Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more... |
| X-XSS-Protection | 1; mode=block | Deprecated | Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more... |
| Feature-Policy | — | Deprecated | Deprecated. Replaced by the Permissions-Policy header. Click to learn more... |
| Expect-CT | — | Deprecated | Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more... |
| Public-Key-Pins | — | Deprecated | Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more... |
Security Violations · 0 found
Requests or resources offending security policies
Certificates · 1 found
SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification
| Subject | Issue date | Expiry date |
|---|---|---|
| *.pixlee.co | Nov 18, 2024, 12:13:19 | Feb 16, 2025, 12:13:18 |