Security Report Summary
C
Site: https://bikeindex.org/
IP Address: 172.67.72.224
Report Time: 16 Mar 2025 06:01:52 UTC
Headers:
  • Referrer-Policy
  • Strict-Transport-Security
  • X-Content-Type-Options
  • Content-Security-Policy
  • X-Frame-Options
  • Permissions-Policy
Advanced:
Not bad… Maybe you should perform a deeper security analysis of your website and APIs:
Missing Headers
Content-Security-PolicyContent Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
X-Frame-OptionsX-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN".
Permissions-PolicyPermissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Raw Headers
HTTP/2200
dateSun, 16 Mar 2025 06:01:52 GMT
content-typetext/html; charset=utf-8
referrer-policystrict-origin-when-cross-origin
strict-transport-securitymax-age=631139040
x-content-type-optionsnosniff
link</assets/revised-c8374cb911911b248de91c18c5f28cbf9208722cc272b89b9a55fd4d3a37ebdf.css>; rel=preload; as=style; nopush,</assets/application_revised-59210909bc41de832b59cf0073bd849c506eee4caeccce17b80e92fb23940917.js>; rel=preload; as=script; nopush
etagW/"de9ea621d337bf7a64e3624f9912fc6f"
cache-controlmax-age=0, private, must-revalidate
set-cookie_bikeindex_session=AX0OJVOvfXipdB07tU5JX604nTBLhMm77AUF3BLPb8n%2FRoRpfGRoyPnS20MjsG9Wx5JTXrmdewYioIaeKo8E6f0MQj98DToLvUukvljDY0PWBP4LAnSdKtwHl2v%2Bw87jVTpsZx2aD8InVtwAGaAEuVf%2FuyIa52gDrnzUQwG1lR6zIRKj856JQlwn8ljSiAKIToq0%2FZNlDajtv5PSjvS%2Ft3jis4579YwKTqahUnKWK4k6NM9LJPha2ln9IuVLCSK4J9%2BBGwk9qcbnKro51hWRBrz%2B7S6Hm5%2FxukXRJgfomi5HfKzPoWPBU%2Bv6I2bPnTE5ThznLrREpKE4uuofP7wVuZR9--KoSFGcMqPlJ3z9G%2B--jsEXYbS3fNK2H0nnyjkrzQ%3D%3D; domain=bikeindex.org; path=/; secure; httponly; samesite=lax
x-request-id6fc863f4-e5cf-4499-92ed-cb4882b0bbf3
x-runtime0.033499
x-powered-bycloud66
content-encodinggzip
cf-cache-statusDYNAMIC
varyaccept-encoding
report-to{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uKfvJQ4PybPvaYieNFFjlrgGvZ8Eh%2FIuimLOLY7EKp4iBJPsMiCpInaNfDn7DX3Og6pI73Ukwzdg9FUHXW65fEWSgDiL3RZduhqfeNUpuCiuoXbEpEnVDSILuzQFaOw%3D"}],"group":"cf-nel","max_age":604800}
nel{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
servercloudflare
cf-ray921209d48b011b81-DUB
server-timingcfL4;desc="?proto=TCP&rtt=2220&min_rtt=997&rtt_var=2424&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3414&recv_bytes=1352&delivery_rate=2825365&cwnd=253&unsent_bytes=0&cid=9c62f650f25b148a&ts=376&x=0"
Upcoming Headers
Cross-Origin-Embedder-PolicyCross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-PolicyCross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-PolicyCross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
referrer-policyReferrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
strict-transport-securityHTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
x-content-type-optionsX-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
set-cookieThere is no Cookie Prefix on this cookie.
x-powered-byX-Powered-By can usually be seen with values like "PHP/5.5.9-1ubuntu4.5" or "ASP.NET". Trying to minimise the amount of information you give out about your server is a good idea. This header should be removed or the value changed.
report-toReport-To enables the Reporting API. This allows a website to collect reports from the browser about various errors that may occur. You can sign up for a free account on Report URI to collect these reports.
nelNetwork Error Logging is a new header that instructs the browser to send reports during various network or application errors. You can sign up for a free account on Report URI to collect these reports.
serverServer value has been changed. Typically you will see values like "Microsoft-IIS/8.0" or "nginx 1.7.2".