Skip to content
https://sun-sentinel.com

Security

· 12 checks — HTTP headers, CSP, TLS handshake, and cookie hygiene rolled into one auditable list.
SCORE
69
GRADE
D
FIX
5
REVIEW
2
PASS
5
INFO
0
Checks
12
5 PASS 2 REVIEW 5 FIX
F
Security Headers
Action
3 of 10 headers properly configured
FIX
3 of 10 headers properly configured
Critical::
HSTS header is missing
Strict-Transport-Security forces browsers to use HTTPS, preventing downgrade attacks. Add the header with a max-age of at least 1 year.
Expected: max-age=31536000; includeSubDomains
Warning::
X-Content-Type-Options header is missing
This header prevents MIME-type sniffing, which can lead to XSS attacks. Set it to 'nosniff'.
Expected: nosniff
Warning::
X-Frame-Options header is missing
This header prevents clickjacking by controlling who can embed your page in a frame. Set it to DENY or SAMEORIGIN.
Expected: DENY
Warning::
Referrer-Policy header is missing
Controls how much referrer information is sent with requests. Set to 'strict-origin-when-cross-origin' or stricter.
Expected: strict-origin-when-cross-origin
Warning::
Permissions-Policy header is missing
Controls which browser features (camera, microphone, geolocation) are allowed. Set it to restrict unused features.
Expected: geolocation=(), camera=(), microphone=()
Info::
Content-Security-Policy is present
Got: default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe…
Warning::
Cross-Origin-Opener-Policy header is missing
COOP isolates your browsing context, preventing cross-origin side-channel attacks. Set to 'same-origin'.
Expected: same-origin
Warning::
Cross-Origin-Embedder-Policy header is missing
COEP prevents loading cross-origin resources without explicit permission. Required for SharedArrayBuffer and high-resolution timers.
Expected: require-corp
Info::
X-Powered-By header is not present
Info::
Server header is present without version info
Got: nginx

Strict-Transport-Security forces browsers to use HTTPS, preventing downgrade attacks. Add the header with a max-age of at least 1 year.

Expected: max-age=31536000; includeSubDomains
Why this matters

Without HSTS, a network attacker can downgrade the very first connection to HTTP and steal the user's session.

Learn more

HSTS tells browsers 'never speak HTTP to this domain again.' Without it, a network attacker (public WiFi, malicious ISP, hostile DNS) intercepts the first HTTP attempt and serves a downgraded version of your site. One header, big surface reduction.

Source: RFC 6797 / OWASP

This header prevents MIME-type sniffing, which can lead to XSS attacks. Set it to 'nosniff'.

Expected: nosniff
Why this matters

MIME sniffing lets browsers run uploaded files as JavaScript, turning a file upload into an XSS.

Learn more

Setting X-Content-Type-Options: nosniff tells browsers to trust your declared Content-Type instead of guessing. Without it, an attacker who uploads a polyglot file can sometimes get it executed as a script. One header, no downside.

Source: OWASP / MDN

This header prevents clickjacking by controlling who can embed your page in a frame. Set it to DENY or SAMEORIGIN.

Expected: DENY
Why this matters

Without frame protection, your site can be embedded in a hostile page and used for clickjacking.

Learn more

Clickjacking overlays your site under a transparent malicious page so users click invisible buttons. Setting X-Frame-Options: DENY (or a modern frame-ancestors CSP directive) blocks the embedding entirely. There's almost never a legitimate reason to allow it.

Source: OWASP / MDN

Controls how much referrer information is sent with requests. Set to 'strict-origin-when-cross-origin' or stricter.

Expected: strict-origin-when-cross-origin
Why this matters

Default browser behavior leaks full URLs (including query params and tokens) to every third-party resource — set a strict policy.

Learn more

Without a Referrer-Policy header, browsers send the full referring URL with images, scripts, and fonts loaded from third-party origins. URLs containing tokens, user IDs, or session params end up in third-party logs. Set `Referrer-Policy: strict-origin-when-cross-origin` (or stricter) to limit leakage.

Source: MDN / W3C

Controls which browser features (camera, microphone, geolocation) are allowed. Set it to restrict unused features.

Expected: geolocation=(), camera=(), microphone=()
Why this matters

Permissions-Policy locks down browser APIs you don't use — without it, every page can request camera/mic/geolocation if XSS lands.

Learn more

By default every page can request the camera, microphone, geolocation, payment APIs, and dozens more. Permissions-Policy turns off the ones you don't need so a future bug can't quietly start using them. It's a defense-in-depth header — one line, big surface reduction.

Source: MDN / W3C

COOP isolates your browsing context, preventing cross-origin side-channel attacks. Set to 'same-origin'.

Expected: same-origin
Why this matters

COOP isolates your top-level browsing context from cross-origin windows — without it, popup-based side-channel attacks remain possible.

Learn more

Cross-Origin-Opener-Policy: same-origin prevents cross-origin pages from sharing a browsing-context group with yours. This blocks cross-window references that enable Spectre-style timing attacks and tab-nabbing. Required if you want to enable SharedArrayBuffer.

Source: MDN / web.dev

COEP prevents loading cross-origin resources without explicit permission. Required for SharedArrayBuffer and high-resolution timers.

Expected: require-corp
Why this matters

COEP enforces that all embedded resources opt-in to cross-origin embedding — required for cross-origin isolation features.

Learn more

Cross-Origin-Embedder-Policy: require-corp ensures every embedded resource (script, iframe, image) explicitly allows being loaded cross-origin. Combined with COOP, this enables the cross-origin-isolated context that unlocks SharedArrayBuffer, high-resolution timers, and other powerful APIs.

Source: MDN / web.dev

F
Content Security Policy
Action
3 of 10 CSP checks passed
FIX
3 of 10 CSP checks passed
Info::
Raw CSP policy
Got: default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: *.visualwebsiteoptimizer.com; style-src 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com; img-src data: https: blob: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; font-src data: https:; connect-src https: data: blob: *.visualwebsiteoptimizer.com app.vwo.com; media-src blob: data: https:; object-src https:; child-src https: data: blob: 'self' *.visualwebsiteoptimizer.com app.vwo.com; upgrade-insecure-requests; block-all-mixed-content;
Info::
default-src directive is set
Got: default-src data: 'unsafe-inline' 'unsafe-eval' https:
Critical::
'unsafe-inline' found in script source
'unsafe-inline' allows inline <script> tags, defeating CSP against XSS. Remove it and use nonces or hashes instead.
Got: script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: *.visualwebsiteoptimizer.com
Critical::
'unsafe-eval' found in script source
'unsafe-eval' allows eval() and similar functions, enabling code injection. Remove it.
Got: script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: *.visualwebsiteoptimizer.com
Info::
No wildcard in script source
Warning::
object-src allows plugin content
Set object-src to 'none' to prevent Flash/Java plugin exploits.
Got: object-src https: Expected: object-src 'none'
Warning::
base-uri directive is missing
Without base-uri, attackers can inject a <base> tag to hijack relative URLs. Set it to 'self' or 'none'.
Expected: base-uri 'self'
Warning::
frame-ancestors directive is missing
frame-ancestors controls who can embed your page, preventing clickjacking. Set it to 'self' or 'none'.
Expected: frame-ancestors 'self'
Warning::
form-action directive is missing
form-action restricts where forms can submit data, preventing form hijacking.
Expected: form-action 'self'
Info::
upgrade-insecure-requests is enabled

'unsafe-inline' allows inline <script> tags, defeating CSP against XSS. Remove it and use nonces or hashes instead.

Why this matters

Unsafe value (unsafe-inline, unsafe-eval) in script-src defeats CSP's main protection — XSS injections can execute again.

Learn more

unsafe-inline allows inline <script> tags; unsafe-eval allows eval() and similar. Both are necessary for some legacy code but explicitly dangerous. Migrate to nonces (per-page random tokens) or hashes (per-script SHA-256) instead.

Source: OWASP CSP / MDN

'unsafe-eval' allows eval() and similar functions, enabling code injection. Remove it.

Why this matters

Unsafe value (unsafe-inline, unsafe-eval) in script-src defeats CSP's main protection — XSS injections can execute again.

Learn more

unsafe-inline allows inline <script> tags; unsafe-eval allows eval() and similar. Both are necessary for some legacy code but explicitly dangerous. Migrate to nonces (per-page random tokens) or hashes (per-script SHA-256) instead.

Source: OWASP CSP / MDN

Set object-src to 'none' to prevent Flash/Java plugin exploits.

Expected: object-src 'none'
Why this matters

object-src open in CSP allows Flash/PDF/plugin embedding — a now-deprecated attack vector that should be explicitly blocked.

Learn more

object-src controls <object>, <embed>, and <applet> elements. Modern sites have no need for plugins; setting `object-src 'none'` blocks an entire class of legacy XSS vectors at zero cost. If your CSP missed it, add the directive.

Source: MDN CSP

Without base-uri, attackers can inject a <base> tag to hijack relative URLs. Set it to 'self' or 'none'.

Expected: base-uri 'self'
Why this matters

Missing base-uri in CSP leaves a base-tag injection attack path open even on otherwise strict policies.

Learn more

A common omission: developers add CSP for script-src and frame-ancestors but forget base-uri. The result is a CSP that looks strict but lets an attacker rewrite every URL on the page via <base href>. Add `base-uri 'self'` to close the gap.

Source: MDN CSP

frame-ancestors controls who can embed your page, preventing clickjacking. Set it to 'self' or 'none'.

Expected: frame-ancestors 'self'
Why this matters

Security gaps expose your site and users to attacks, eroding trust.

form-action restricts where forms can submit data, preventing form hijacking.

Expected: form-action 'self'
Why this matters

Security gaps expose your site and users to attacks, eroding trust.

Parsed Policy

default-src data:'unsafe-inline''unsafe-eval'https:
script-src data:'unsafe-inline''unsafe-eval'https:blob:*.visualwebsiteoptimizer.com
style-src 'unsafe-inline'https:*.visualwebsiteoptimizer.comapp.vwo.com
img-src data:https:blob:*.visualwebsiteoptimizer.comapp.vwo.comuseruploads.vwo.io
font-src data:https:
connect-src https:data:blob:*.visualwebsiteoptimizer.comapp.vwo.com
media-src blob:data:https:
object-src https:
child-src https:data:blob:'self'*.visualwebsiteoptimizer.comapp.vwo.com
upgrade-insecure-requests
block-all-mixed-content
F
Subresource Integrity
Action
0 of 110 external resources have SRI
FIX
0 of 110 external resources have SRI
Warning::
External script from sb.scorecardresearch.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://sb.scorecardresearch.com/c2/6035443/cs.js
Warning::
External script from de.tynt.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://de.tynt.com/deb/v2?id=rc!&dn=AFRC&cc=1&chuav=Not-A.Brand%3Bv%3D24.0.0.0%2C%20Chromium%3Bv%3D146.0.7680.164&chp=Linux&chmob=0&chua=Not-A.Brand%3Bv%3D24%2C%20Chromium%3Bv%3D146&r=&gpp=DBACOe~CQjA2wAQjA2wAEXyIAENCaFgAAAAAEPgACiQAAAOWgIAAcABAACQAGgARQAmABoAEcAK0AZYBAACDgKlAXmA0UBywAAA.IHLQHwAFAANgAwADIAHAAQAAkABaADQAHQAPQAigBMACgAFIALYAXgA0QCOAI8ASgAnQBWgDLAHiAQAAg4CogFSgLzAYyA0UBywA~BQjA2wAQjA2wAEXyIAENCaFAAAAAAIfAAAAAA5aAgABwAEAAJAAaABFACYAGgARwArQBlgEAAIOAqUBeYDRQHLAAAA.IHLQHwAFAANgAwADIAHAAQAAkABaADQAHQAPQAigBMACgAFIALYAXgA0QCOAI8ASgAnQBWgDLAHiAQAAg4CogFSgLzAYyA0UByw~1YN-&gpp_sid=6&pu=https%3A%2F%2Fwww.sun-sentinel.com%2F
Warning::
External script from tagan.adlightning.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://tagan.adlightning.com/mng-trib/bl-0d6ee0c-5b463eb9.js
Warning::
External script from tagan.adlightning.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://tagan.adlightning.com/mng-trib/b-682065e-27e6b6d7.js
Warning::
External script from launchpad.privacymanager.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://launchpad.privacymanager.io/latest/launchpad.bundle.js
Warning::
External script from www.googletagmanager.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.googletagmanager.com/gtag/js?id=G-5EB8S4P93T&l=MG2DL&cx=c&gtm=4e64h1
Warning::
External script from www.googletagmanager.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.googletagmanager.com/gtm.js?id=GTM-NFD2QGD&l=MG2DL
Warning::
External script from sdk.mrf.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://sdk.mrf.io/statics/marfeel-sdk.es5.js?id=5546
Warning::
External script from sdk.mrf.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://sdk.mrf.io/statics/marfeel-sdk.js?id=5546
Warning::
External script from www.googletagmanager.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.googletagmanager.com/gtag/js?id=G-QZQCLT8CTC&cx=c&gtm=4e64h1
Warning::
External script from www.googletagmanager.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.googletagmanager.com/gtm.js?id=GTM-TLFP4R
Warning::
External script from js.matheranalytics.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://js.matheranalytics.com/s/ma89701/197837613/wp/ml.js?cb=1714
Warning::
External script from thebestpaints.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://thebestpaints.com/assets/i4qhe8g3f3zu.v1.js
Warning::
External link from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/_static/??-eJyNjD0OgkAQRi/kMtqwWBgLD+AZACc4yc4s8ZsN4fashYVUlN/Pe7TMYczmbE5zKpMYCOIc/gKKBdSLGCd6CZxG1MnXxI2KNTWd6JDJPzIU4yMSf7Myvo32yLZDnugtPwo864++6+0SYxvj9dx2G1NUURs=
Warning::
External link from htlbid.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://htlbid.com/v3/sun-sentinel.com/htlbid.css?ver=6.9.4
Warning::
External link from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/client-mu-plugins/src/Sitemap/includes/style.css?m=1764694815g
Warning::
External link from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/plugins/mng-digisubs/static/mng-digisubs.styles.css?ver=1776805221
Warning::
External link from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/_static/??-eJx9zDEKwzAMheELVVW7xGQopUdJHGELbMlEMiW3rykUOmV4/PCGD98NooqTOMbCI1A7tNITi+GvVRIYKeS+4mJGbhhtTNuxc8oOos6RruO84Kloe8TXZv9K1ZULwbJlMlYB86N8qWd93EOYQphvU/gASfE+WQ==
Warning::
External link from fonts.googleapis.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://fonts.googleapis.com/css?family=Noto+Sans%3A400%2C700%2C800%7CNoto+Serif%3A400%2C400i%2C700%2C700i%2C800&display=swap&ver=6.9.4
Warning::
External link from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/themes/assets/static/css/measuredvibrant.css?m=1776805221g
Warning::
External link from cdn.jsdelivr.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.min.css?ver=5.2.0
Warning::
External link from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/plugins/dfm-ad-mods/dist/css/style.min.css?m=1776779068g
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/client-mu-plugins/src/Auth0/assets/dist/auth0-session-storage.min.js?ver=1.0.4
Warning::
External script from cmp.osano.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Warning::
External script from ajax.googleapis.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js?ver=3.5.1
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/plugins/site-plugins/site-sun-sentinel/dist/js/main.min.js?m=1776779068g
Warning::
External script from htlbid.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://htlbid.com/v3/sun-sentinel.com/htlbid.js?ver=6.9.4
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/client-mu-plugins/src/SSO/assets/js/sso-tools.min.js?m=1764694815g
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/plugins/loader-wp/static/loader.min.js?ver=1.6.4
Warning::
External script from az416426.vo.msecnd.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/_static/??-eJydzDEOwjAMQNELkZhWgrIgLsDKAZLGslwlbhQ7KtweFqQOTKxfeh+26uZVDMWg5k4sCnkNCZvbKqgF4xlQKBDeObbQXr6w+EUP8EMWIZeYWHvUL943r2jGQupjl5Tx788HCD7tYZx3r1u5DtN0vhxP4zgsb93+Ueo=
Warning::
External script from cdn.auth0.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cdn.auth0.com/js/auth0-spa-js/1.13/auth0-spa-js.production.js?ver=6.9.4
Warning::
External script from accounts.google.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://accounts.google.com/gsi/client?ver=6.9.4
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/_static/??-eJylzM0OQDAQBOAXoovEz0VcvUZL06y0S+w2PL46iSunSSYzHxxbPq0klgQ2Hx0SQyCXz+iQo2Fg0YLTq1NBIykTafZWLZzBFyMdyJ7yl0ljFG9DSv5rRRz1DewPNIS+bNumK+qqKpcLv3xxFw==
Warning::
External script from t133.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://t133.sun-sentinel.com/script.js
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/_static/??-eJyNzEEOAiEMheELCXUm0XFjXHgSBhCKtBBb4vUd3Zm4cPfyku+HZze+sUZW6HUkZIFwI+OCoRa2jaJQBHKWes3R3y0h2yI7+AGJkwmYUMYq4ESiyttK6xmBnOb4+JuLOkX/9dlPyK6DQ41b5ELnaVmOp/1hnqfyAv97SlA=
Warning::
External script from cdn.sophi.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cdn.sophi.io/assets/demeter/1/stable/2696132541.js?ver=6.9.4
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/_static/??-eJzTLy/QTc7PK0nNK9EvyClNz8wr1s/NS9dNyUzPLC5NKtYvLkksyUxGEdNLLAIK5aQGZyQWpeolleal5KTqZRXr6FNiVmIZklH2ubaG5uZmFgamRkaGWQAo2zy/
Warning::
External link from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/mu-plugins/jetpack-15.5/modules/widgets/top-posts/style.css?m=1776195303g
Warning::
External script from fp.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://fp.sun-sentinel.com/prod/dfm/fp.min.js?2026321
Warning::
External script from g2i.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://g2i.sun-sentinel.com/prod/dfm/g2i.min.js?2026321
Warning::
External script from engage.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://engage.sun-sentinel.com/prod/dfm/t8y9347t.min.js?2026321
Warning::
External link from engage.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://engage.sun-sentinel.com/prod/dfm/t8y9347t.min.css?2026321
Warning::
External script from cds.connatix.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //cds.connatix.com/p/plugins/prebid-cache-scraper-3.js
Warning::
External script from cdn-p.cityspark.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //cdn-p.cityspark.com/wid/9260.jsx?b=592271978&on=aHR0cHM6Ly93d3cuc3VuLXNlbnRpbmVsLmNvbS8=&callback=jsonp9260
Warning::
External script from securepubads.g.doubleclick.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Warning::
External script from tagan.adlightning.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://tagan.adlightning.com/mng-trib/op.js
Warning::
External script from launchpad-wrapper.privacymanager.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://launchpad-wrapper.privacymanager.io/70bb23e5-a2a7-414e-b709-7066b1333c83/launchpad-liveramp.js
Warning::
External script from raven-edge.aditude.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://raven-edge.aditude.io/raven/medianewsgroup-main-vIqAa/library.js
Warning::
External script from c.amazon-adsystem.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://c.amazon-adsystem.com/aax2/apstag.js
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-includes/js/wp-emoji-release.min.js?ver=6.9.4
Warning::
External script from cdn.sophi.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cdn.sophi.io/assets/demeter/1/stable/2696132541/extensions.js
Warning::
External script from sdk.mrf.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://sdk.mrf.io/statics/compass-multimedia-sdk.js?version=2260
Warning::
External script from sdk.mrf.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://sdk.mrf.io/statics/compass-multimedia-sdk.es5.js?version=2260
Warning::
External script from marfeelexperimentsexperienceengine.mrf.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://marfeelexperimentsexperienceengine.mrf.io/experimentsexperience/render?id=AC_2mZNIOA_TwaOcb4NO26VHw&experimentType=HeadlineAB&version=esnext
Warning::
External script from marfeelexperimentsexperienceengine.mrf.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://marfeelexperimentsexperienceengine.mrf.io/experimentsexperience/render?id=AC_2mZNIOA_TwaOcb4NO26VHw&experimentType=HeadlineAB&version=legacy
Warning::
External script from d15kdpgjg3unno.cloudfront.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=3
Warning::
External script from az416426.vo.msecnd.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Warning::
External script from raven-static.aditude.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://raven-static.aditude.io/prod/1.19.14-y0ptsc/raven.js
Warning::
External script from securepubads.g.doubleclick.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604200101/pubads_impl.js?cb=31097964
Warning::
External script from fundingchoicesmessages.google.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://fundingchoicesmessages.google.com/i/4011?ers=3
Warning::
External script from config.aps.amazon-adsystem.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://config.aps.amazon-adsystem.com/configs/3503
Warning::
External script from cdn.tynt.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cdn.tynt.com/afrc.js
Warning::
External script from jadserve.postrelease.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://jadserve.postrelease.com/t?ntv_mvi=&ntv_url=https%253A%252F%252Fwww.sun-sentinel.com%252F
Warning::
External script from marfeelexperimentsexperienceengine.mrf.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://marfeelexperimentsexperienceengine.mrf.io/experimentsexperience/render?siteId=5546&url=https%3A%2F%2Fwww.sun-sentinel.com%2F&experimentType=HeadlineAB&lang=es&version=esnext
Warning::
External script from marfeelexperimentsexperienceengine.mrf.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://marfeelexperimentsexperienceengine.mrf.io/experimentsexperience/render?siteId=5546&url=https%3A%2F%2Fwww.sun-sentinel.com%2F&experimentType=HeadlineAB&lang=es&version=legacy
Warning::
External script from fundingchoicesmessages.google.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://fundingchoicesmessages.google.com/f/AGSKWxWZs2UVqvJ4Sfc_RPnbCHMaxjC_DHEA7WKzYRxC7GBIzSxg7PjTPIz2-qIpf-Mj1xAoq7J33mc2ZxRB-GV_UpsURUK6otL3AqMK73ipvGdNPbj3yE9DM3mTTKh5F22MG2zguEwx6A==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzc2ODE1OTQwLDk3MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuc3VuLXNlbnRpbmVsLmNvbS8iLG51bGwsW1s4LCJEc0tHTi1xcWZyUSJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbbnVsbCw1MDcyXV1dIl0sWzM1LCIxNzc2ODE1OTQwIl0sWzE5LCIyIl0sWzE3LCJbMF0iXSxbMjQsIiJdLFsyOSwiZmFsc2UiXV1d
Warning::
External script from static.criteo.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://static.criteo.net/js/ld/publishertag.ids.js
Warning::
External script from cdn.mgaru.dev lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cdn.mgaru.dev/static/myGaruStandalone.js
Warning::
External script from tags.crwdcntrl.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Warning::
External script from cdn.jsdelivr.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js
Warning::
External script from oa.openxcdn.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://oa.openxcdn.net/esp.js
Warning::
External script from connectid.analytics.yahoo.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://connectid.analytics.yahoo.com/connectId-gpt.js
Warning::
External script from ads.pubmatic.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://ads.pubmatic.com/AdServer/js/google-esp.js
Warning::
External script from cdn.id5-sync.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cdn.id5-sync.com/api/1.0/esp.js
Warning::
External script from invstatic101.creativecdn.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Warning::
External script from cdn-ima.33across.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cdn-ima.33across.com/ima.js
Warning::
External script from secure.cdn.fastclick.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Warning::
External script from secure.cdn.fastclick.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher-stub.min.js
Warning::
External script from ads.pubmatic.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Warning::
External script from connext-fd-gnbrate4fjhjb3f7.z01.azurefd.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //connext-fd-gnbrate4fjhjb3f7.z01.azurefd.net/index.js
Warning::
External script from fundingchoicesmessages.google.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://fundingchoicesmessages.google.com/f/AGSKWxUcG8Tfevt1xTqfT98ELu0m1J0W3JwrdlC7NrHVXW81XrNi8S4GqlJrYunhJJudULIFhrHHTUkvrOFv_OvQz-nQ74hA8uYkchVre0Nky-1LFyT76SAzsrGWS0ARVnuDwIOKJOXdvg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzc2ODE1OTQyLDMzODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3LnN1bi1zZW50aW5lbC5jb20vIixudWxsLFtbOCwiRHNLR04tcXFmclEiXSxbOSwiZW4tVVMiXSxbMTgsIltbW251bGwsNTA3Ml1dXSJdLFszNSwiMTc3NjgxNTk0MCJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXSxbMjksImZhbHNlIl1dXQ
Warning::
External script from secure.cdn.fastclick.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Warning::
External script from secure.cdn.fastclick.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://secure.cdn.fastclick.net/js/cnvr-coreid/latest/coreid.min.js
Warning::
External script from cdn.jsdelivr.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cdn.jsdelivr.net/npm/web-vitals@3/dist/web-vitals.attribution.iife.js
Warning::
External script from cdn.adapex.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cdn.adapex.io/hb/aaw.empowerlocal_e.js
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/_static/??-eJyVj7EOwjAMRH+I1rA0MCAGFhY+ImpC45LYUe2A6NcTkECwIDHe6Z7uDq656ZnUk4IGn7xAdZIVJnAoCqMAiyXeF1FObUJqR1nAB5ZjGZAEEg1N0PjGqj5oPLKTX1QOrEwnjBEunhxPkLHXMvmH9R8Y7XwTnP1XH1Ifi6u36qLnssB8fiV2absypjNms+zW4x1eiGQL
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/mu-plugins/wp-parsely-3.23/build/loader.js?ver=ecf94842061bea03d54b
Warning::
External script from cdn.parsely.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cdn.parsely.com/keys/sun-sentinel.com/p.js?ver=3.23.1
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/themes/wp-mason/dist/js/ads.min.js?ver=1.0
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/_static/??-eJyVzk0KwkAMQOEL2cYWtG5EuvQYY5OOKZNMadKKt/cHFy5EdPvggweXseiyOqmDn0nIIJiRG5gH5w4GgzGna88pWSms5WAr+AEJBZsnwoVPU1D/Qu9FgmUFZPMHTTnmo8TWffrExjRHVgPspQhYSEZ7owHb58q/0mpdGCm/3EH2VdNsd+tNXVfDDRSFbJY=
Warning::
External script from s.ntv.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://s.ntv.io/serve/load.js
Warning::
External script from embed.sendtonews.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //embed.sendtonews.com/player3/embedcode.js?fk=mrvcpzxb&cid=4641&offsetx=0&offsety=112&floatwidth=400&floatposition=bottom-right&ver=1.0.0
Warning::
External script from mp.mmvideocdn.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://mp.mmvideocdn.com/mini-player/prod/voltax_mp.js
Warning::
External script from applepay.cdn-apple.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://applepay.cdn-apple.com/jsapi/1.latest/apple-pay-sdk.js
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/plugins/mng-digisubs/static/mng-digisubs.apple.bundle.js?m=1776805221g
Warning::
External script from www.sun-sentinel.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://www.sun-sentinel.com/wp-content/plugins/mng-cache-control/Src/assets/dist/mng-cache-control-adminbar.js?ver=0.2.1
Warning::
External script from stats.wp.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://stats.wp.com/e-202617.js
Warning::
External script from cdn.p-n.io lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://cdn.p-n.io/pushly-sdk.min.js?domain_key=nZFVv1X9GYFO7N0hAvXMB7QXuFQP9RXSifvL&ver=6.9.4
Warning::
External script from delivery.revcontent.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://delivery.revcontent.com/190264/284223/widget.js?ver=6.9.4
Warning::
External script from cdn.cityspark.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //cdn.cityspark.com/wid/get.js?ver=6.9.4
Warning::
External script from b-code.liadm.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //b-code.liadm.com/0.min.js
Warning::
External script from b-code.liadm.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //b-code.liadm.com/a-030o.min.js
Warning::
External script from b-code.liadm.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //b-code.liadm.com/a-030o.min.js
Warning::
External script from b-code.liadm.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //b-code.liadm.com/a-030o.min.js
Warning::
External script from d1y4ng3lozj2yp.cloudfront.net lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://d1y4ng3lozj2yp.cloudfront.net/automatic_signups/v1/sign_me_up.js
Warning::
External script from b-code.liadm.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //b-code.liadm.com/a-030o.min.js
Warning::
External script from b-code.liadm.com lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: //b-code.liadm.com/a-030o.min.js
Warning::
External script from ep2.adtrafficquality.google lacks integrity attribute
Without SRI, if this CDN is compromised, attackers could inject malicious code.
Got: https://ep2.adtrafficquality.google/sodar/sodar2.js
SRI Coverage 0 / 110 of external resources have integrity hashes
TagDomainIntegrity
<script>sb.scorecardresearch.com Missing
<script>de.tynt.com Missing
<script>tagan.adlightning.com Missing
<script>tagan.adlightning.com Missing
<script>launchpad.privacymanager.io Missing
<script>www.googletagmanager.com Missing
<script>www.googletagmanager.com Missing
<script>sdk.mrf.io Missing
<script>sdk.mrf.io Missing
<script>www.googletagmanager.com Missing
<script>www.googletagmanager.com Missing
<script>js.matheranalytics.com Missing
<script>thebestpaints.com Missing
<link>www.sun-sentinel.com Missing
<link>htlbid.com Missing
<link>www.sun-sentinel.com Missing
<link>www.sun-sentinel.com Missing
<link>www.sun-sentinel.com Missing
<link>fonts.googleapis.com Missing
<link>www.sun-sentinel.com Missing
<link>cdn.jsdelivr.net Missing
<link>www.sun-sentinel.com Missing
<script>www.sun-sentinel.com Missing
<script>cmp.osano.com Missing
<script>ajax.googleapis.com Missing
<script>www.sun-sentinel.com Missing
<script>htlbid.com Missing
<script>www.sun-sentinel.com Missing
<script>www.sun-sentinel.com Missing
<script>az416426.vo.msecnd.net Missing
<script>www.sun-sentinel.com Missing
<script>cdn.auth0.com Missing
<script>accounts.google.com Missing
<script>www.sun-sentinel.com Missing
<script>t133.sun-sentinel.com Missing
<script>www.sun-sentinel.com Missing
<script>cdn.sophi.io Missing
<script>www.sun-sentinel.com Missing
<link>www.sun-sentinel.com Missing
<script>fp.sun-sentinel.com Missing
<script>g2i.sun-sentinel.com Missing
<script>engage.sun-sentinel.com Missing
<link>engage.sun-sentinel.com Missing
<script>cds.connatix.com Missing
<script>cdn-p.cityspark.com Missing
<script>securepubads.g.doubleclick.net Missing
<script>tagan.adlightning.com Missing
<script>launchpad-wrapper.privacymanager.io Missing
<script>raven-edge.aditude.io Missing
<script>c.amazon-adsystem.com Missing
<script>www.sun-sentinel.com Missing
<script>cdn.sophi.io Missing
<script>sdk.mrf.io Missing
<script>sdk.mrf.io Missing
<script>marfeelexperimentsexperienceengine.mrf.io Missing
<script>marfeelexperimentsexperienceengine.mrf.io Missing
<script>d15kdpgjg3unno.cloudfront.net Missing
<script>az416426.vo.msecnd.net Missing
<script>raven-static.aditude.io Missing
<script>securepubads.g.doubleclick.net Missing
<script>fundingchoicesmessages.google.com Missing
<script>config.aps.amazon-adsystem.com Missing
<script>cdn.tynt.com Missing
<script>jadserve.postrelease.com Missing
<script>marfeelexperimentsexperienceengine.mrf.io Missing
<script>marfeelexperimentsexperienceengine.mrf.io Missing
<script>fundingchoicesmessages.google.com Missing
<script>static.criteo.net Missing
<script>cdn.mgaru.dev Missing
<script>tags.crwdcntrl.net Missing
<script>cdn.jsdelivr.net Missing
<script>oa.openxcdn.net Missing
<script>connectid.analytics.yahoo.com Missing
<script>ads.pubmatic.com Missing
<script>cdn.id5-sync.com Missing
<script>invstatic101.creativecdn.com Missing
<script>cdn-ima.33across.com Missing
<script>secure.cdn.fastclick.net Missing
<script>secure.cdn.fastclick.net Missing
<script>ads.pubmatic.com Missing
<script>connext-fd-gnbrate4fjhjb3f7.z01.azurefd.net Missing
<script>fundingchoicesmessages.google.com Missing
<script>secure.cdn.fastclick.net Missing
<script>secure.cdn.fastclick.net Missing
<script>cdn.jsdelivr.net Missing
<script>cdn.adapex.io Missing
<script>www.sun-sentinel.com Missing
<script>www.sun-sentinel.com Missing
<script>www.sun-sentinel.com Missing
<script>cdn.parsely.com Missing
<script>www.sun-sentinel.com Missing
<script>www.sun-sentinel.com Missing
<script>s.ntv.io Missing
<script>embed.sendtonews.com Missing
<script>mp.mmvideocdn.com Missing
<script>applepay.cdn-apple.com Missing
<script>www.sun-sentinel.com Missing
<script>www.sun-sentinel.com Missing
<script>stats.wp.com Missing
<script>cdn.p-n.io Missing
<script>delivery.revcontent.com Missing
<script>cdn.cityspark.com Missing
<script>b-code.liadm.com Missing
<script>b-code.liadm.com Missing
<script>b-code.liadm.com Missing
<script>b-code.liadm.com Missing
<script>d1y4ng3lozj2yp.cloudfront.net Missing
<script>b-code.liadm.com Missing
<script>b-code.liadm.com Missing
<script>ep2.adtrafficquality.google Missing
D
Permissions-Policy
Action
No header set
FIX
No header set
Warning::
No Permissions-Policy header
Consider adding a Permissions-Policy header to restrict browser feature access from embedded content.

No Permissions-Policy header set.

Without this header, embedded iframes can request access to sensitive device features.

Suggested header
Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=(), usb=()
D
security.txt
Action
No /.well-known/security.txt published
FIX

security.txt

No security.txt found at /.well-known/security.txt

B
CORS Configuration
No CORS headers
REVIEW
No CORS headers
Info::
No CORS headers present — secure default
CORS Configuration Secure

No CORS headers detected.

Cross-origin requests are blocked by browser same-origin policy.

Origin reflection test

Some servers mirror the request Origin header, which can be exploited. Test manually:

curl -sI -H "Origin: https://evil.com" <url> | grep -i access-control
B
Transport Security
HTTP/3, HSTS, and TLS version analysis
REVIEW
HTTP/3, HSTS, and TLS version analysis
Info::
HTTP/3 (QUIC) not advertised
HTTP/3 eliminates head-of-line blocking. If your CDN supports it, consider enabling it.
Warning::
Missing Strict-Transport-Security header
HSTS tells browsers to only use HTTPS, preventing SSL stripping attacks.
Info::
TLS 1.3 in use (fastest handshake, 1-RTT)
A+
TLS & Certificates
TLS 1.3, 7 checks passed
PASS
TLS 1.3, 7 checks passed
Info::
TLS 1.3 is used
Got: TLS 1.3
Info::
Strong cipher suite is used
Got: TLS_CHACHA20_POLY1305_SHA256
Info::
HTTP/2 is not negotiated
HTTP/2 provides multiplexing and header compression for better performance.
Got: http/1.1
Info::
Certificate is valid (expires in 39 days)
Got: 2026-05-31T03:27:04Z
Info::
Certificate chain has 2 certificates
Info::
Certificate uses modern signature algorithm
Got: ECDSA-SHA384
Info::
Certificate covers 2 domain(s)
Got: sun-sentinel.com, www.sun-sentinel.com
Info::
Certificate is issued by a trusted CA
Got: CN=E7,O=Let's Encrypt,C=US

HTTP/2 provides multiplexing and header compression for better performance.

Why this matters

HTTP/1.1 forces the browser to make sequential requests, multiplying latency on every page.

Learn more

HTTP/2 (and HTTP/3) multiplex many requests over a single connection, eliminating head-of-line blocking. HTTP/1.1 forces the browser to either queue requests or open many parallel connections — both worse. Most modern web servers support HTTP/2 with one config line.

Source: MDN Web Docs

Connection
Protocol
TLS 1.3
Cipher Suite
TLS_CHACHA20_POLY1305_SHA256
HTTP Version
HTTP/1.1

Certificate Chain

Leaf Certificate
Subject CN=sun-sentinel.comIssuer CN=E7,O=Let's Encrypt,C=USValid 2026-03-02T03:27:05Z → 2026-05-31T03:27:04ZExpires in 39 days SANs sun-sentinel.com, www.sun-sentinel.comSignature ECDSA-SHA384Serial 592f871856250b12ef17d880af7b5090252
Intermediate (CA Certificate)
Subject CN=E7,O=Let's Encrypt,C=USIssuer CN=ISRG Root X1,O=Internet Security Research Group,C=USValid 2024-03-13T00:00:00Z → 2027-03-12T23:59:59ZExpires in 325 days Signature SHA256-RSASerial aa75f1e62b8f0a220966d38bbfd4baa1
A+
Cookie Security
No cookies set — no cookie security risks
PASS
No cookies set — no cookie security risks
Info::
No cookies set — no cookie security risks

No cookies detected — no cookie security risks to report.

A+
JS Library Vulnerabilities
No known vulnerabilities
PASS
No known vulnerabilities
Info::
No known JavaScript library vulnerabilities detected

No known JavaScript library vulnerabilities detected.

A+
Information Leakage
No exposures
PASS
No exposures
Info::
No security.txt found
Consider adding a security.txt at /.well-known/security.txt.
Info::
No sensitive files exposed

No sensitive files exposed — all paths returned 404.

PathStatusCategoryRisk
/.git/HEAD Not foundVersion Control
/.git/config Not foundVersion Control
/.svn/entries Not foundVersion Control
/.env Not foundConfiguration
/.env.local Not foundConfiguration
/.env.production Not foundConfiguration
/wp-config.php Not foundConfiguration
/.htaccess Not foundConfiguration
/phpinfo.php Not foundDebug
/server-status Not foundDebug
/server-info Not foundDebug
/.well-known/security.txt Not foundSecurity Policy
A+
Email Security
DMARC: reject
PASS
DMARC: reject
Info::
DMARC policy is reject — strongest protection
DMARC
Policy reject — strongest protection Record v=DMARC1; p=reject; pct=100
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback