Web Cookies Scanner

WebCookies.org provides a free audit of web cookies used by a website. See how websites are tracking user activities using web cookies, obtain an easy-to-understand cookie usage summary and find out about compliance with new EU privacy law. No additional software installation is required.

Cookie and Security Scan Report

Title: "BeBasket est le site sur l'actu basket en France et en Europe - BeBasket.fr"
Description: "BeBasket est le site sur l'actu basket en France et en Europe : toutes les nouvelles pro A, pro B, nm1, lfb, edf et étranger"

Session cookies are cleared when you close your browser and allow the website to identify a user's state, such as logged-in users. They are mostly considered harmless because they cannot be used for long-term user tracking. This site sets 1 session cookie.

Third-party domains is the count of organisations allowed by the webmaster to track you across the site. These cookies may be set for various purposes, like tracking ads displayed on the website, collection of statistics, targeted advertising etc. This website allows 5 other websites to track your activity.

Persistent cookies are cookies that are preserved through browser shutdowns. This means that even if you close this page today and return at some point in the future, the website will know you're a returning visitor. This may be used for "remember me" features, as well as persistent user tracking. These cookies, especially if set by third-party organisations, are a powerful tool for monitoring your activities across all the websites you visit. This website sets 12 persistent cookies with an average lifetime of 412 days and the longest 1095 days.

Last fetched: 2015-01-14T00:24:24.284930+00:00
HTTP status: 200

Cookie privacy related properties

| Cookie name | Description | Domain | Lifetime | 3rd party cookie | Permanent cookie | Session cookie |
|---|---|---|---|---|---|---|
| PHPSESSID | ASP.NET generic session cookie | www.bebasket.fr | Valid only during the current browser session; deleted when you close the browser | Yes | | Yes |
| __gads | | .bebasket.fr | Expires Jan. 13, 2017, 12:24 a.m. (730 days) | Yes | Yes | |
| uid | Criteo advertisement tracking cookie | .criteo.com | Expires Jan. 14, 2016, 12:24 a.m. (365 days) | Yes | Yes | |
| udc | Criteo advertisement tracking cookie | .criteo.com | Expires July 13, 2015, 11:24 p.m. (180 days) | Yes | Yes | |
| zdi | Criteo advertisement tracking cookie | .criteo.com | Expires July 13, 2015, 11:24 p.m. (180 days) | Yes | Yes | |
| _ga | | .bebasket.fr | Expires Jan. 13, 2017, 12:24 a.m. (730 days) | Yes | Yes | |
| _gat | | .bebasket.fr | Expires Jan. 14, 2015, 12:34 a.m. (0 days) | Yes | | |
| uuid | MediaMath tracking cookie | .mathtag.com | Expires Jan. 14, 2016, 12:24 a.m. (365 days) | Yes | Yes | |
| mt_misc | MediaMath tracking cookie | .mathtag.com | Expires Feb. 13, 2015, 12:24 a.m. (30 days) | Yes | Yes | |
| uuidc | MediaMath tracking cookie | .mathtag.com | Expires Jan. 14, 2016, 12:24 a.m. (365 days) | Yes | Yes | |
| eid | Criteo advertisement tracking cookie | .criteo.com | Expires July 13, 2015, 11:24 p.m. (180 days) | Yes | Yes | |
| id | Google DoubleClick ad tracking cookie | .doubleclick.net | Expires Jan. 13, 2017, 12:24 a.m. (730 days) | Yes | Yes | |
| mt_mop | MediaMath tracking cookie | .mathtag.com | Expires Jan. 13, 2018, 12:24 a.m. (1095 days) | Yes | Yes | |

Cookie security related properties

| Cookie name | Secure | httpOnly |
|---|---|---|
| PHPSESSID | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |
| __gads | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |
| uid | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |
| udc | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |
| zdi | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |
| _ga | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |
| _gat | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |
| uuid | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |
| mt_misc | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |
| uuidc | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |
| eid | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |
| id | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |
| mt_mop | Irrelevant on non-SSL website | This cookie can be read by JavaScript (on purpose or not) |

HTTP security related headers

Security score: 0
Always recommended

X-Frame-Options
This header prevents the page from being displayed in a FRAME or IFRAME, mitigating clickjacking attacks, and is recommended for most websites.
The header is not set.

Content-Security-Policy
Allows fine-grained control over what content is allowed to be loaded on this website. It's a powerful security feature that is strongly recommended.
This website does not use CSP.

X-XSS-Protection
Controls the Cross-Site Scripting filter built into most browsers; usually recommended.
This website does not set the header.

X-Content-Type-Options
Disables naive file type guessing in browsers, preventing some malicious content download attacks.
This website does not set the header by default, but it may not matter that much if it's set on download and API URLs.

Recommended on SSL/TLS sites

Strict-Transport-Security
Strongly recommended on all TLS websites to prevent SSL stripping attacks on their users.
This flag is irrelevant on a non-TLS website.

Public-Key-Pins
Strongly recommended on all TLS websites to protect from fake certificate substitution attacks.
This flag is irrelevant on a non-TLS website.

Other HTTP headers

Access-Control-Allow-Origin
The ACAO header controls which domains may originate XHR requests to this website.
This website does not set the ACAO header, but it may not matter if it does not accept external XHR requests.

P3P
P3P is a mostly abandoned standard for a website's privacy policy declaration.
This website does not set the P3P header, but it doesn't really matter these days.

POWDER
POWDER is a mostly abandoned standard for web content classification and rating.
This website does not set the POWDER header.

PICS
PICS is a largely abandoned standard for web content classification and rating.
This website does not set the PICS header.

RTA
RTA (Restricted to Adults) is a label for adult websites supported by Safari and MSIE.
This website does not set the RTA label.

X-Permitted-Cross-Domain-Policies
This header specifies the Adobe Flash and Acrobat meta-policy for cross-domain requests (which bypass the Same-Origin Policy). Its presence is not in itself an issue unless the overly permissive value all is set. If your website is not going to be accessed from Adobe applications, you can also set this header to none.
This website does not set the header.

crossdomain.xml
This file defines the cross-domain policy for Adobe applications. Dangerous if permissive or too broadly set.
The website does not set a permissive cross-domain policy.

clientaccesspolicy.xml
Enables access to the website from Microsoft Silverlight applications, bypassing the browser's Same-Origin Policy safeguards. Dangerous if permissive or too broadly set.
The website does not set a permissive cross-domain policy.

Server
The Server header advertises the web server used by this website. If it contains a detailed version, and that version has known vulnerabilities, it may help attackers quickly locate a target.
This server does not reveal a detailed version.

X-Powered-By
This header advertises the detailed version of some web application frameworks (ASP.NET, PHP) and also helps target attacks if the version is vulnerable.
This server does not reveal the framework version.

X-AspNet-Version
This header reveals the detailed version of the ASP.NET framework, which facilitates attacks if the version is vulnerable.
This server does not reveal the ASP.NET version.

MicrosoftSharePointTeamServices
This header advertises the Microsoft SharePoint version, which may facilitate target location and attacks if the version is old and vulnerable.
This server does not reveal the SharePoint version.

MicrosoftOfficeWebServer
This header advertises the Microsoft Office version, which may facilitate target location and attacks if the version is old and vulnerable.
This server does not reveal the Office version.

BIGipServer
This cookie is used by F5 load balancers and reveals internal IP addresses of the actual server, which may also facilitate attacks.
This server does not set the F5 cookie.

Canvas Trackers

Canvas fingerprinting is a relatively new user tracking technique that uses the new drawing feature in HTML5 called "canvas". It bypasses all the typical cookie or Flash control techniques and allows unique browsers to be identified with high likelihood.

Possible CANVAS trackers found on the website
Source Sample
No entries