This scan was made by Website Security Scanner at webscanner.unofix.no

93/100
Good

Scanned URL: elementojuris.cloud

2026-02-28 09:47:25
πŸ›‘οΈ
Security Headers
72
πŸ”’
SSL / HTTPS
100
πŸͺ
Cookies
100
πŸ“‚
Exposed Files
100
πŸ–₯️
Server Info
100
⚠️ Security Headers 72%

Security headers are HTTP response headers that tell the browser how to handle a website’s content in a secure way.

5 of 8 recommended security headers found (72% score)

Header Status Value Description
X-Frame-Options βœ… DENY Protects against clickjacking attacks. Hackers can load your page in an invisible iframe and trick users into clicking buttons they cannot see (e.g. "Transfer money"). Value: DENY. Assessment: Good.
X-Content-Type-Options ❌ Not set Prevents MIME-sniffing. A malicious file pretending to be an image can be executed as JavaScript and steal user data. Status: Not set.
Strict-Transport-Security βœ… max-age=31536000; includeSubDomains; preload Enforces HTTPS usage (HSTS). Without HTTPS, attackers on the same WiFi network can intercept all communication and steal passwords in plain text. Value: max-age=31536000; includeSubDomains; preload. Assessment: Good.
Content-Security-Policy βœ… default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://connect.facebook.net https://www.facebook.com https://graph.facebook.com https://challenges.cloudflare.com https://viacep.com.br https://brasilapi.com.br; frame-src 'self' https://challenges.cloudflare.com; object-src 'none'; upgrade-insecure-requests Controls which resources can be loaded. Malicious scripts from third parties can run on your page and steal user data or spread malware. Value: default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://connect.facebook.net https://www.facebook.com https://graph.facebook.com https://challenges.cloudflare.com https://viacep.com.br https://brasilapi.com.br; frame-src 'self' https://challenges.cloudflare.com; object-src 'none'; upgrade-insecure-requests. Assessment: Needs improvement. Notes: script-src contains unsafe-inline (weakens XSS protection).
Referrer-Policy βœ… strict-origin Controls what referrer information is sent. Sensitive URLs (e.g. /reset-password?token=abc123) can leak to third parties via analytics or ads. Value: strict-origin. Assessment: Good.
Permissions-Policy βœ… camera=(), microphone=(), geolocation=() Controls access to browser features (camera, microphone, GPS). Malicious code or third-party scripts can secretly activate camera/microphone and spy on the user. Value: camera=(), microphone=(), geolocation=(). Assessment: Good.
Cross-Origin-Opener-Policy ❌ Not set Isolates your window from cross-origin windows. A malicious popup window can read data from your page via window.opener and steal sensitive information. Status: Not set.
Cross-Origin-Resource-Policy ❌ Not set Controls who can load your resources. Other websites can steal bandwidth by hotlinking to your images, or read pixel data from cross-origin images. Status: Not set.
βœ… Exposed Files & Information Disclosure 100%

No exposed files or directories found. Checked 49 file locations and 6 directories.

βœ… SSL/TLS Security 100%

Valid SSL certificate from trusted Certificate Authority. Certificate expires in 71 days.

πŸ“œ SSL Certificate Information
Status βœ… Valid
Issued To elementojuris.cloud
Issued By R12
Valid Until 2026-05-09 23:47:11
Days Until Expiry 71 days
βœ… Cookie Security 100%

No Set-Cookie headers found in the initial response. Note: cookies may still be set client-side (JavaScript) after page load.

Cookie Name Security Flags Score Risk Issues