secure.phila.gov | Privacy & security report #30263122

Server: Microsoft-IIS/6.0

Announces web server software and optionally version details.

The header exposes web server version details. These server no purpose apart from making life of security auditors and hackers easier, leading them straight to exploits for this particular version of product. WebCookies.org does offer security design and penetration testing services so we can help!

-1

MicrosoftOfficeWebServer: 5.0_Pub

A non-standard header used by Microsoft SharePoint and Office applications to communicate the version of server platform. Since it contains a detailed version of the software, it probably shouldn't be advertised on the public Internet.

The header exposes Microsoft SharePoint version details (and it may be not the best idea to expose your SharePoint on the Internet). WebCookies.org does offer security design and penetration testing services so we can help!

-1

X-Powered-By: ASP.NET

A non-standard and purely informational, but still very widespread header, whose only purpose is to advertise the name and optionally version of the software used to run the web server.

X-AspNet-Version: 2.0.50727

A non-standard header used by Microsoft ASP.NET platform to advertise its detailed version.

The header exposes web server version details. These server no purpose apart from making life of security auditors and hackers easier, leading them straight to exploits for this particular version of product. WebCookies.org does offer security design and penetration testing services so we can help!

-1

Transport Layer Security (TLS) is enabled

+2

X-Frame-Options header is missing

-2

X-XSS-Protection header is missing

-1

X-Content-Type-Options header is missing

-1

Web Cookies Scanner

Cookie and Security Scan Report

https://secure.phila.gov/revenue/taxcompliance/Header.aspx

Security-related HTTP headers

Sub-resources

Parent pages