https://my.jst.ai/ajax/account_version_check.html?id=A26E853D-748F-4F84-9C02-FA00170DBE27

Category: Financial

Keywords: card form free live week alert check email times trial account address dismiss entries justuno started features password required promotions


Last fetched: 2020-02-13T07:42:15.520798+00:00

HTTP status: 5 Sub-resource URL


TLS/SSL configuration report

TLS score
A

See full SSL/TLS security report for my.jst.ai

Security-related HTTP headers

  • Access-Control-Allow-Origin: *

    Controls origins (websites) that are allowed to load data from this web service over JavaScript-based APIs as part of Cross-Origin Resource Sharing (CORS) standard. By default, a web browser will refuse to load data over XmlHttpRequest from a website that is not in the same origin, which is a precaution against various types of data stealing attacks. The target server has to explicitly allow the origin domain using the Access-Control-Allow-Origin (ACAO) header, or it may allow all origins to access it using a wildcard *. The latter however creates a potential security issue if the website in question is transactional and processing sensitive data, so the wildcard should be only used on websites consciously offering public APIs.

    Read more...

  • P3P: CP="CURa ADMa DEVa TAIa CONa OUR BUS DSP NON COR"

    Largely abandoned format for declaring website's privacy policy in machine-readable format. The only reason for many websites to use the header was that old versions of Microsoft Internet Explorer disallowed third-party cookies on websites missing P3P.

    Read more...

  • Referrer-Policy: no-referrer-when-downgrade

    The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made.

    Read more...

  • Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

    The Expect-CT header allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that the browser check that any certificate for that site appears in public CT logs.

    Read more...

  • Server: cloudflare

    Announces web server software and optionally version details.

    Read more...

Pages loading this URL

Fully automated RESTful API is now available. Subscribe for your free trial today!