All-in-one free web application security tool. Web application vulnerability and privacy scanner with support for HTTP cookies, Flash, HTML5 localStorage, sessionStorage, CANVAS, Supercookies, Evercookies. Includes a free SSL/TLS, HTML and HTTP vulnerability scanner and URL malware scanner.
Keywords: cars jobs rent sale ajman count dhabi dubai https و children dubizzle fujairah property services apartments villahouse classifieds display_name popular_searches
Last fetched: 2019-09-19T09:41:54.744323+00:00
HTTP status: 5 Sub-resource URL
Announces web server software and optionally version details.
A non-standard but widely accepted header, originally introduced by Microsoft, that disables "content sniffing", the heuristic content type discovery browsers perform in the absence or mismatch of a proper HTTP Content-Type declaration, which led to a number of web attacks. In general, the presence of the header with its only defined value of nosniff is considered part of a properly secured HTTP response.
Fuzzy content type guessing is disabled (+1)
The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made.
HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header.
HTTP Strict Transport Security is enabled (+2)
Transport Layer Security (TLS) is enabled (+2)
X-Frame-Options header is missing
X-XSS-Protection header is missing
frame-ancestors http://*.dubizzle.com https://*.dubizzle.com https://app.optimizely.com;
A missing base-uri directive allows attackers to inject base tags, which override the base URI with an attacker-controlled origin. Set it to 'none' unless you need to handle tricky relative URL schemes.
Add the block-all-mixed-content directive if your website is only accessible over TLS and you are certain it does not have any legacy plaintext resources. Otherwise, you may add the upgrade-insecure-requests directive if your website may still have some legacy plaintext HTTP resources and you want them to remain available rather than blocked.
Want a second opinion? Try Google CSP Evaluator.
The website uses the following advertisement publisher ids: