| 1. General Results, most used to calculate the result |
A | name "youtube.com" is domain, public suffix is ".com", top-level-domain is ".com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services", num .com-domains preloaded: 103088 (complete: 263653)
|
A | Good: All ip addresses are public addresses
|
A | Good: Minimal 2 ip addresses per domain name found: www.youtube.com has 14 different ip addresses (authoritative).
|
A | Good: Minimal 2 ip addresses per domain name found: youtube.com has 2 different ip addresses (authoritative).
|
A | Good: Ipv4 and Ipv6 addresses per domain name found: www.youtube.com has 10 ipv4, 4 ipv6 addresses
|
A | Good: Ipv4 and Ipv6 addresses per domain name found: youtube.com has 1 ipv4, 1 ipv6 addresses
|
A | Good: No asked Authoritative Name Server had a timeout
|
A | Good: destination is https
|
A | Good - only one version with Http-Status 200
|
A | Good: one preferred version: www is preferred
|
A | Good: every cookie sent via https is marked as secure
|
A | Good: Every cookie has a SameSite Attribute with a correct value Strict/Lax/None
|
A | Excellent: Domain is in the Google-Preload-List
|
A | Excellent: Domain is in the Mozilla/Firefox-Preload-List
|
A | HSTS-Preload-Status: Preloaded. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
|
A | Good: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
|
A | http://youtube.com/ 142.250.185.142
| https://youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://youtube.com/ 216.58.215.174
| https://youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://youtube.com/ 2a00:1450:4003:806::200e
| https://youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.178.174
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.181.238
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.184.14
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.184.174
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.184.238
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.185.14
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.185.78
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.185.110
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.185.142
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.185.174
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.185.206
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.185.238
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.186.46
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.200.78
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.200.110
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.200.142
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 142.250.201.78
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 172.217.16.142
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 172.217.16.206
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 172.217.18.14
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 216.58.206.46
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 216.58.206.78
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 216.58.212.142
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 216.58.212.174
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 216.58.215.142
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 216.58.215.174
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 2a00:1450:4003:80c::200e
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 2a00:1450:4003:80d::200e
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 2a00:1450:4003:80f::200e
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
A | http://www.youtube.com/ 2a00:1450:4003:811::200e
| https://www.youtube.com/
| Correct redirect http - https with the same domain name
|
B | https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2F.well-known%2Facme-challenge%2Fcheck-your-website-dot-server-daten-dot-de%3Fcbrd%3D1&gl=DE&m=0&pc=yt&cm=2&hl=de&src=1
|
| Missing HSTS-Header
|
| http://www.google.com/
| AEC=AVcja2cup1JXS4jkub1rG8FgteAOLce1QNxbkRupsXWnhCow8Vp86RrY0Q; expires=Thu, 07-Aug-2025 14:41:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
| Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
|
F | https://142.250.178.174/ 142.250.178.174
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.181.238/ 142.250.181.238
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.184.14/ 142.250.184.14
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.184.174/ 142.250.184.174
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.184.238/ 142.250.184.238
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.185.78/ 142.250.185.78
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.185.110/ 142.250.185.110
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.185.142/ 142.250.185.142
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.185.174/ 142.250.185.174
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.185.206/ 142.250.185.206
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.185.238/ 142.250.185.238
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.186.46/ 142.250.186.46
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.200.78/ 142.250.200.78
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.200.110/ 142.250.200.110
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.200.142/ 142.250.200.142
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://142.250.201.78/ 142.250.201.78
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://172.217.16.142/ 172.217.16.142
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://172.217.16.206/ 172.217.16.206
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://172.217.18.14/ 172.217.18.14
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://216.58.206.46/ 216.58.206.46
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://216.58.206.78/ 216.58.206.78
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://216.58.212.142/ 216.58.212.142
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://216.58.212.174/ 216.58.212.174
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://216.58.215.142/ 216.58.215.142
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
F | https://216.58.215.174/ 216.58.215.174
| http://www.google.com/
| Wrong redirect https - http - never redirect https to http
|
M | https://[2a00:1450:4003:0806:0000:0000:0000:200e]/ 2a00:1450:4003:806::200e
|
| Misconfiguration - main pages should never send http status 400 - 499
|
M | https://[2a00:1450:4003:080c:0000:0000:0000:200e]/ 2a00:1450:4003:80c::200e
|
| Misconfiguration - main pages should never send http status 400 - 499
|
M | https://[2a00:1450:4003:080d:0000:0000:0000:200e]/ 2a00:1450:4003:80d::200e
|
| Misconfiguration - main pages should never send http status 400 - 499
|
M | https://[2a00:1450:4003:080f:0000:0000:0000:200e]/ 2a00:1450:4003:80f::200e
|
| Misconfiguration - main pages should never send http status 400 - 499
|
M | https://[2a00:1450:4003:0811:0000:0000:0000:200e]/ 2a00:1450:4003:811::200e
|
| Misconfiguration - main pages should never send http status 400 - 499
|
N | https://[2a00:1450:4003:0806:0000:0000:0000:200e]/ 2a00:1450:4003:806::200e
|
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.178.174/ 142.250.178.174
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.181.238/ 142.250.181.238
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.184.14/ 142.250.184.14
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.184.174/ 142.250.184.174
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.184.238/ 142.250.184.238
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.185.78/ 142.250.185.78
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.185.110/ 142.250.185.110
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.185.142/ 142.250.185.142
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.185.174/ 142.250.185.174
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.185.206/ 142.250.185.206
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.185.238/ 142.250.185.238
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.186.46/ 142.250.186.46
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.200.78/ 142.250.200.78
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.200.110/ 142.250.200.110
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.200.142/ 142.250.200.142
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://142.250.201.78/ 142.250.201.78
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://172.217.16.142/ 172.217.16.142
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://172.217.16.206/ 172.217.16.206
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://172.217.18.14/ 172.217.18.14
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://216.58.206.46/ 216.58.206.46
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://216.58.206.78/ 216.58.206.78
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://216.58.212.142/ 216.58.212.142
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://216.58.212.174/ 216.58.212.174
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://216.58.215.142/ 216.58.215.142
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://216.58.215.174/ 216.58.215.174
| http://www.google.com/
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://[2a00:1450:4003:080c:0000:0000:0000:200e]/ 2a00:1450:4003:80c::200e
|
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://[2a00:1450:4003:080d:0000:0000:0000:200e]/ 2a00:1450:4003:80d::200e
|
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://[2a00:1450:4003:080f:0000:0000:0000:200e]/ 2a00:1450:4003:80f::200e
|
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
N | https://[2a00:1450:4003:0811:0000:0000:0000:200e]/ 2a00:1450:4003:811::200e
|
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
A | Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain www.youtube.com, 14 ip addresses.
|
A | Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain youtube.com, 2 ip addresses.
|
B | No _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.youtube.com
|
| 2. Header-Checks |
A | www.youtube.com 142.250.178.174
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.181.238
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.184.14
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.184.174
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.184.238
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.185.14
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.185.78
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.185.110
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.185.142
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.185.174
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.185.206
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.185.238
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.186.46
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.200.78
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.200.110
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.200.142
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script';report-uri /cspreport
|
B |
|
| Info: Header-Element is deprecated. report-uri /cspreport
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 142.250.201.78
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script';report-uri /cspreport
|
B |
|
| Info: Header-Element is deprecated. report-uri /cspreport
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 172.217.16.142
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 172.217.16.206
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 172.217.18.14
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|
A | www.youtube.com 216.58.206.46
| Content-Security-Policy
| Ok: Header without syntax errors found: require-trusted-types-for 'script'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| report-to
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
|
| Ok: Header without syntax errors found: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| Permissions-Policy
| Ok: Header without syntax errors found: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
|
E |
|
| Critical: Duplicated entries found ch-ua-arch=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-bitness=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-full-version-list=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-model=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform-version=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-wow64=*
Duplicated entries: * |
E |
|
| Critical: Duplicated entries found ch-ua-platform=*
Duplicated entries: * |
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-wow64
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-platform-version
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-model=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version-list=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-full-version=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-bitness=*
|
F |
|
| Critical: Headerelement with a second Headerelement not at the first position found ch-ua-arch=*
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors
|
F |
|
| Critical: Unknown token found. Standard-token with additional characters are not defined. ch-ua-form-factors=*
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 0
|
B |
|
| Info: Header is deprecated. May not longer work in modern browsers. 0
|
A |
| Cross-Origin-Opener-Policy
| Ok: Header without syntax errors found: same-origin-allow-popups; report-to="youtube_main"
|