https://mc.yandex.ru/metrika/watch.js

Category: Images

Keywords: found


Last fetched: 2020-04-14T14:28:34.143874+00:00

HTTP status: 200 OK


Advanced trackers

Advanced user tracking and fingerprinting techniques are used by websites to bypass privacy protection in web browsers and increase tracking persistence.

.createElement("canvas") … createShader( … .shaderSource( … .bindBuffer( … .bufferData( … .toDataURL( … .getContext("webgl") … .getContext("experimental-webgl")
navigator.sendBeacon
.createElement("canvas") … .getContext("2d") … .toDataURL() … String.fromCharCode(
navigator.plugins … .filename … .name

HTTP security-related headers assessment

Security score: 0

crossdomain.xml

This file defines the cross-domain policy for Adobe applications. It is dangerous if permissive or too broadly set.

<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>

Security-related HTTP headers

  • Access-Control-Allow-Origin: *

    Controls the origins (websites) that are allowed to load data from this web service over JavaScript-based APIs as part of the Cross-Origin Resource Sharing (CORS) standard. By default, a web browser will refuse to load data over XMLHttpRequest from a website that is not in the same origin, which is a precaution against various types of data-stealing attacks. The target server has to explicitly allow the origin domain using the Access-Control-Allow-Origin (ACAO) header, or it may allow all origins to access it using a wildcard *. The latter, however, creates a potential security issue if the website in question is transactional and processes sensitive data, so the wildcard should only be used on websites consciously offering public APIs.

  • Strict-Transport-Security: max-age=31536000

    HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header.

Sub-resources

Most web pages load a number of sub-resources such as images, style sheets (CSS), JavaScript files, web fonts, audio or video files and other web pages in frames. Each of these sub-resources may be loaded from the same server (first-party resource) or from servers belonging to other parties (third-party resources). In the latter case, the third party will see a request coming from your browser with information on the originating page, and it can set its own cookies; both are frequently used for user tracking. Note that the cookies set by these sub-resources are already recorded in our cookie statistics for this page.

Symbols

  • Resource securely loaded over TLS
  • Resource insecurely loaded over plaintext HTTP
  • Mixed content warning. A resource loaded over plaintext HTTP on a TLS page will be blocked by most modern browsers.
  • A third-party resource. It may perform its own tracking on your requests and receive partial information about your activities on the original website.
  • Resource with reputation warnings
  • Blacklisted domain
  • Suspicious pattern detected