All-in-one free web application security tool. Web application vulnerability and privacy scanner with support for HTTP cookies, Flash, HTML5 localStorage, sessionStorage, CANVAS, Supercookies, Evercookies. Includes a free SSL/TLS, HTML and HTTP vulnerability scanner and URL malware scanner.
Category: Gaming
Keywords: free game play 16bit enjoy games mario retro super video online titles browser console genesis emulator nintendo released 2017super unblocked
Last fetched: 2019-04-28T20:13:44.883654+00:00
HTTP status: 5 Sub-resource URL
Server: nginx
Announces web server software and optionally version details.
Read more...X-Robots-Tag: noindex
Controls the behavior of search engine bots and may contain most of the directives usually found in robots.txt file.
Read more...Referrer-Policy: strict-origin-when-cross-origin
Referrer-Policy enabled
+1
The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made.
Read more...X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Clickjacking protection is enabled
+2
Instructs the browser if the current website can be embedded in HTML frame by another website. Since this allows the parent website to control the framed page, this creates a potential for data theft attacks ("clickjacking") and most sensitive websites won't allow them to be framed at all (deny
) or just allow parts of them to be embedded in frames created by themselves only (samesite
).
X-Content-Type-Options: nosniff, nosniff
A non-standard but widely accepted header introduced originally by Microsoft to disable "content sniffing" or heuristic content type discovery in absence or mismatch of a proper HTTP Content-Type
declaration, which led to a number of web attacks. In general, presence of the header with its only defined value of nosniff
is considered as part of a properly secured HTTP response.
X-XSS-Protection: 1; mode=block
XSS auditor is enabled in blocking mode
+1
Controls an Cross-Site Scripting (XSS) filters built into the majority of web browsers. The filter is usually turned on by default anyway, but requirement to set the header to 1
became part of canonical set of "secure" HTTP headers. Over time, vulnerabilities in the "sanitizing" mode filter were found, so 1; mode=block
became the recommended value. Some companies decided that they don't really need a browser-side XSS filter to mess with their web services which are XSS-free anyway and they became consciously disabling the XSS filter by setting the header to 0
.
Access-Control-Allow-Origin: https://myemulator.online, https://myemulator.online
Controls origins (websites) that are allowed to load data from this web service over JavaScript-based APIs as part of Cross-Origin Resource Sharing (CORS) standard. By default, a web browser will refuse to load data over XmlHttpRequest
from a website that is not in the same origin, which is a precaution against various types of data stealing attacks. The target server has to explicitly allow the origin domain using the Access-Control-Allow-Origin
(ACAO) header, or it may allow all origins to access it using a wildcard *
. The latter however creates a potential security issue if the website in question is transactional and processing sensitive data, so the wildcard should be only used on websites consciously offering public APIs.
Strict-Transport-Security: max-age=172800; includeSubdomains
HTTP Strict Transport Security is enabled
+2
HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header.
Read more...Transport Layer Security (TLS) is enabled
+2The website uses the following advertisement publisher ids: