Contents
About this report
Report parameters
Contexts
No contexts were selected, so all contexts were included by default.
Sites
The following sites were included:
- https://fonts.bunny.net
- https://fair-communications.net
(If no sites were selected, all sites were included by default.)
An included site must also be within one of the included contexts for its data to be included in the report.
Risk levels
Included: High , Medium , Low , Informational
Excluded: None
Confidence levels
Included: User Confirmed , High , Medium , Low
Excluded: User Confirmed , High , Medium , Low , False Positive
Summaries
Alert counts by risk and confidence
| Confidence | ||||||
|---|---|---|---|---|---|---|
| User Confirmed | High | Medium | Low | Total | ||
| Risk | High |
0
(0.0%) |
0
(0.0%) |
0
(0.0%) |
0
(0.0%) |
0
(0.0%) |
| Medium |
0
(0.0%) |
1
(8.3%) |
2
(16.7%) |
0
(0.0%) |
3
(25.0%) |
|
| Low |
0
(0.0%) |
2
(16.7%) |
3
(25.0%) |
0
(0.0%) |
5
(41.7%) |
|
| Informational |
0
(0.0%) |
0
(0.0%) |
2
(16.7%) |
2
(16.7%) |
4
(33.3%) |
|
| Total |
0
(0.0%) |
3
(25.0%) |
7
(58.3%) |
2
(16.7%) |
12
(100%) |
|
Alert counts by site and risk
| Risk | |||||
|---|---|---|---|---|---|
|
High
(= High) |
Medium
(>= Medium) |
Low
(>= Low) |
Informational
(>= Informational) |
||
| Site | https://fonts.bunny.net |
0
(0) |
1
(1) |
1
(2) |
0
(2) |
| https://fair-communications.net |
0
(0) |
2
(2) |
4
(6) |
4
(10) |
|
Alert counts by alert type
| Alert type | Risk | Count |
|---|---|---|
| Content Security Policy (CSP) Header Not Set | Medium |
1
(8.3%) |
| Cross-Domain Misconfiguration | Medium |
2
(16.7%) |
| Missing Anti-clickjacking Header | Medium |
1
(8.3%) |
| Cookie No HttpOnly Flag | Low |
1
(8.3%) |
| Cookie Without Secure Flag | Low |
1
(8.3%) |
| Server Leaks Version Information via "Server" HTTP Response Header Field | Low |
2
(16.7%) |
| Strict-Transport-Security Header Not Set | Low |
8
(66.7%) |
| X-Content-Type-Options Header Missing | Low |
8
(66.7%) |
| Information Disclosure - Suspicious Comments | Informational |
3
(25.0%) |
| Re-examine Cache-control Directives | Informational |
1
(8.3%) |
| Session Management Response Identified | Informational |
7
(58.3%) |
| User Agent Fuzzer | Informational |
60
(500.0%) |
| Total | 12 |
Alerts
-
Risk = Medium , Confidence = High (1)
-
https://fair-communications.net (1)
-
Content Security Policy (CSP) Header Not Set (1)
-
GET https://fair-communications.net/
Alert tags Alert description Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
Request Request line and header section (478 bytes)
GET https://fair-communications.net/ HTTP/1.1 host: fair-communications.net User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: ja,en-US;q=0.7,en;q=0.3 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Priority: u=1Request body (0 bytes)
Response Status line and header section (1136 bytes)
HTTP/1.1 200 OK Server: nginx Date: Mon, 15 Jul 2024 08:39:19 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding Cache-Control: no-cache, private Set-Cookie: XSRF-TOKEN=eyJpdiI6ImNzaFdKeUNzMEo3eC9Na0xQNFIxenc9PSIsInZhbHVlIjoiTnpPWHFvVkh0Nm1WNkZwMWJjYUtGVWF3SlduL01PTW1IT2lhT1NhL21HWjROSlBjT2c0NWVqbThvYjlYN1VNSW51YmxxcEhlT1JIU0JheTdBMjE0am42Z3dmcnR2UDZqSEpseC91VGtLMlFIVTFlaGE3UHBNK0l2U0ZsKzFPeDkiLCJtYWMiOiJhMWVmMDgxOTcwYTM0NGU0MjJmZjBmYTcwODRjYmQ4YTM1MmViMzc5NzAxNmZlYTAyNThmMTBlYjczZDkzN2JkIiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: fair_communicationsnet_session=eyJpdiI6ImwyUmd5YTRTOVdHdEs4SG9pU1FpR0E9PSIsInZhbHVlIjoiWStTU1ZLcjVYQmxyamdkejlyZ1hoUGREZ2pVaStKT3d2TUpRVmw5WTlGR2FCRmIzbHlTdDRqVlNNWFh4bHE5QS9pSExPZjJ0dXhYdGMrUXNqcE51UzViM2s3YWYzem02SzlUWFltcUFYNnF6bGpHYmdYdm1sbnZMSVhRZjQ0azgiLCJtYWMiOiJjNGU1ZTBjYWRlOWM5ODg2ZmI5MGU4N2EwYzAzMmI0YjNkNTNlYzc5NTlkMTIyZDNlMmRiNmQ3M2IxNzMwNmE0IiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax content-length: 3560Response body (3560 bytes)
<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- CSRF Token --> <meta name="csrf-token" content="VlHd9bUtvAPptwNCmN4codUqBjpPXLQdpFKhDmVp"> <meta name="description" content="フェア・コミュニケーションズの紹介"> <title>fair-communications.net - top</title> <!-- Fonts --> <link rel="dns-prefetch" href="//fonts.bunny.net"> <link href="https://fonts.bunny.net/css?family=Nunito" rel="stylesheet"> <!-- Scripts --> <link rel="preload" as="style" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="preload" as="style" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /> </head> <body> <div id="app"> <nav class="navbar navbar-expand-md sticky-top navbar-light bg-light"> <a class="navbar-brand" href="https://fair-communications.net"> fair-communications.net </a> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarToggler" aria-controls="navbarToggler" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarToggler"> <!-- Left Side Of Navbar --> <ul class="navbar-nav mr-auto"> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link active " href="https://fair-communications.net"> トップ </a> </li> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link " href="https://fair-communications.net/vulnerability-scan-service"> ウェブサイトの健康診断サービス </a> </li> </ul> <!-- Right Side Of Navbar --> <ul class="navbar-nav ml-auto"> <!-- Authentication Links --> </ul> </div> </nav> <main class=""> <div class="container"> <section class="mt-0 mb-5"> <h1 class="display-4 pb-2">フェア・コミュニケーションズ</h1> </section> <section class="mt-5 mb-5"> <h2 class="display-5 pb-2">ウェブサイトの健康診断サービス</h2> <p> ウェブサイトのセキュリティの向上のために、『ウェブサイトの健康診断サービス』を提供します。 </p> </section> </div> </main> <footer class="app-footer text-center"> <strong> Copyright © 2024 <a href="https://fair-communications.net" class="text-decoration-none">fair-communications.net</a>. </strong> All rights reserved. </footer> </div> <script type="text/javascript" src="https://fair-communications.net/js/jquery.slim.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/bootstrap.bundle.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/adminlte.min.js"></script> </body> </html>Solution Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
-
-
-
-
Risk = Medium , Confidence = Medium (2)
-
https://fonts.bunny.net (1)
-
Cross-Domain Misconfiguration (1)
-
GET https://fonts.bunny.net/css?family=Nunito
Alert tags Alert description Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server
Other info The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
Request Request line and header section (407 bytes)
GET https://fonts.bunny.net/css?family=Nunito HTTP/1.1 host: fonts.bunny.net User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: text/css,*/*;q=0.1 Accept-Language: ja,en-US;q=0.7,en;q=0.3 Connection: keep-alive Referer: https://fair-communications.net/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Priority: u=2Request body (0 bytes)
Response Status line and header section (939 bytes)
HTTP/1.1 200 OK Date: Mon, 15 Jul 2024 08:39:19 GMT Content-Type: text/css; charset=utf-8 Content-Length: 2235 Connection: keep-alive Vary: Accept-Encoding Server: BunnyCDN-PH1-970 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: PH Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Cache-Control: public, max-age=2592000 Last-Modified: Thu, 04 Jul 2024 15:43:57 GMT CDN-ProxyVer: 1.04 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 07/04/2024 15:43:57 CDN-EdgeStorageId: 970 CDN-Status: 200 CDN-RequestId: 1587d2503cfdb453f15e949718c8da80 CDN-Cache: HIT Accept-Ranges: bytesResponse body (2235 bytes)
/* latin */ @font-face { font-family: 'Nunito'; font-style: normal; font-weight: 400; font-stretch: 100%; src: url(https://fonts.bunny.net/nunito/files/nunito-latin-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/nunito/files/nunito-latin-400-normal.woff) format('woff'); unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD; } /* cyrillic */ @font-face { font-family: 'Nunito'; font-style: normal; font-weight: 400; font-stretch: 100%; src: url(https://fonts.bunny.net/nunito/files/nunito-cyrillic-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/nunito/files/nunito-cyrillic-400-normal.woff) format('woff'); unicode-range: U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116; } /* latin-ext */ @font-face { font-family: 'Nunito'; font-style: normal; font-weight: 400; font-stretch: 100%; src: url(https://fonts.bunny.net/nunito/files/nunito-latin-ext-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/nunito/files/nunito-latin-ext-400-normal.woff) format('woff'); unicode-range: U+0100-02AF,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1E00-1EFF,U+2020,U+20A0-20AB,U+20AD-20CF,U+2113,U+2C60-2C7F,U+A720-A7FF; } /* vietnamese */ @font-face { font-family: 'Nunito'; font-style: normal; font-weight: 400; font-stretch: 100%; src: url(https://fonts.bunny.net/nunito/files/nunito-vietnamese-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/nunito/files/nunito-vietnamese-400-normal.woff) format('woff'); unicode-range: U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB; } /* cyrillic-ext */ @font-face { font-family: 'Nunito'; font-style: normal; font-weight: 400; font-stretch: 100%; src: url(https://fonts.bunny.net/nunito/files/nunito-cyrillic-ext-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/nunito/files/nunito-cyrillic-ext-400-normal.woff) format('woff'); unicode-range: U+0460-052F,U+1C80-1C88,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F; }Evidence Access-Control-Allow-Origin: *Solution Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).
Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
-
-
-
https://fair-communications.net (1)
-
Missing Anti-clickjacking Header (1)
-
GET https://fair-communications.net/
Alert tags Alert description The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.
Request Request line and header section (478 bytes)
GET https://fair-communications.net/ HTTP/1.1 host: fair-communications.net User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: ja,en-US;q=0.7,en;q=0.3 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Priority: u=1Request body (0 bytes)
Response Status line and header section (1136 bytes)
HTTP/1.1 200 OK Server: nginx Date: Mon, 15 Jul 2024 08:39:19 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding Cache-Control: no-cache, private Set-Cookie: XSRF-TOKEN=eyJpdiI6ImNzaFdKeUNzMEo3eC9Na0xQNFIxenc9PSIsInZhbHVlIjoiTnpPWHFvVkh0Nm1WNkZwMWJjYUtGVWF3SlduL01PTW1IT2lhT1NhL21HWjROSlBjT2c0NWVqbThvYjlYN1VNSW51YmxxcEhlT1JIU0JheTdBMjE0am42Z3dmcnR2UDZqSEpseC91VGtLMlFIVTFlaGE3UHBNK0l2U0ZsKzFPeDkiLCJtYWMiOiJhMWVmMDgxOTcwYTM0NGU0MjJmZjBmYTcwODRjYmQ4YTM1MmViMzc5NzAxNmZlYTAyNThmMTBlYjczZDkzN2JkIiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: fair_communicationsnet_session=eyJpdiI6ImwyUmd5YTRTOVdHdEs4SG9pU1FpR0E9PSIsInZhbHVlIjoiWStTU1ZLcjVYQmxyamdkejlyZ1hoUGREZ2pVaStKT3d2TUpRVmw5WTlGR2FCRmIzbHlTdDRqVlNNWFh4bHE5QS9pSExPZjJ0dXhYdGMrUXNqcE51UzViM2s3YWYzem02SzlUWFltcUFYNnF6bGpHYmdYdm1sbnZMSVhRZjQ0azgiLCJtYWMiOiJjNGU1ZTBjYWRlOWM5ODg2ZmI5MGU4N2EwYzAzMmI0YjNkNTNlYzc5NTlkMTIyZDNlMmRiNmQ3M2IxNzMwNmE0IiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax content-length: 3560Response body (3560 bytes)
<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- CSRF Token --> <meta name="csrf-token" content="VlHd9bUtvAPptwNCmN4codUqBjpPXLQdpFKhDmVp"> <meta name="description" content="フェア・コミュニケーションズの紹介"> <title>fair-communications.net - top</title> <!-- Fonts --> <link rel="dns-prefetch" href="//fonts.bunny.net"> <link href="https://fonts.bunny.net/css?family=Nunito" rel="stylesheet"> <!-- Scripts --> <link rel="preload" as="style" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="preload" as="style" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /> </head> <body> <div id="app"> <nav class="navbar navbar-expand-md sticky-top navbar-light bg-light"> <a class="navbar-brand" href="https://fair-communications.net"> fair-communications.net </a> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarToggler" aria-controls="navbarToggler" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarToggler"> <!-- Left Side Of Navbar --> <ul class="navbar-nav mr-auto"> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link active " href="https://fair-communications.net"> トップ </a> </li> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link " href="https://fair-communications.net/vulnerability-scan-service"> ウェブサイトの健康診断サービス </a> </li> </ul> <!-- Right Side Of Navbar --> <ul class="navbar-nav ml-auto"> <!-- Authentication Links --> </ul> </div> </nav> <main class=""> <div class="container"> <section class="mt-0 mb-5"> <h1 class="display-4 pb-2">フェア・コミュニケーションズ</h1> </section> <section class="mt-5 mb-5"> <h2 class="display-5 pb-2">ウェブサイトの健康診断サービス</h2> <p> ウェブサイトのセキュリティの向上のために、『ウェブサイトの健康診断サービス』を提供します。 </p> </section> </div> </main> <footer class="app-footer text-center"> <strong> Copyright © 2024 <a href="https://fair-communications.net" class="text-decoration-none">fair-communications.net</a>. </strong> All rights reserved. </footer> </div> <script type="text/javascript" src="https://fair-communications.net/js/jquery.slim.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/bootstrap.bundle.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/adminlte.min.js"></script> </body> </html>Parameter x-frame-optionsSolution Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.
If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
-
-
-
-
Risk = Low , Confidence = High (2)
-
https://fonts.bunny.net (1)
-
Server Leaks Version Information via "Server" HTTP Response Header Field (1)
-
GET https://fonts.bunny.net/css?family=Nunito
Alert tags Alert description The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.
Request Request line and header section (407 bytes)
GET https://fonts.bunny.net/css?family=Nunito HTTP/1.1 host: fonts.bunny.net User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: text/css,*/*;q=0.1 Accept-Language: ja,en-US;q=0.7,en;q=0.3 Connection: keep-alive Referer: https://fair-communications.net/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Priority: u=2Request body (0 bytes)
Response Status line and header section (939 bytes)
HTTP/1.1 200 OK Date: Mon, 15 Jul 2024 08:39:19 GMT Content-Type: text/css; charset=utf-8 Content-Length: 2235 Connection: keep-alive Vary: Accept-Encoding Server: BunnyCDN-PH1-970 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: PH Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Cache-Control: public, max-age=2592000 Last-Modified: Thu, 04 Jul 2024 15:43:57 GMT CDN-ProxyVer: 1.04 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 07/04/2024 15:43:57 CDN-EdgeStorageId: 970 CDN-Status: 200 CDN-RequestId: 1587d2503cfdb453f15e949718c8da80 CDN-Cache: HIT Accept-Ranges: bytesResponse body (2235 bytes)
/* latin */ @font-face { font-family: 'Nunito'; font-style: normal; font-weight: 400; font-stretch: 100%; src: url(https://fonts.bunny.net/nunito/files/nunito-latin-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/nunito/files/nunito-latin-400-normal.woff) format('woff'); unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD; } /* cyrillic */ @font-face { font-family: 'Nunito'; font-style: normal; font-weight: 400; font-stretch: 100%; src: url(https://fonts.bunny.net/nunito/files/nunito-cyrillic-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/nunito/files/nunito-cyrillic-400-normal.woff) format('woff'); unicode-range: U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116; } /* latin-ext */ @font-face { font-family: 'Nunito'; font-style: normal; font-weight: 400; font-stretch: 100%; src: url(https://fonts.bunny.net/nunito/files/nunito-latin-ext-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/nunito/files/nunito-latin-ext-400-normal.woff) format('woff'); unicode-range: U+0100-02AF,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1E00-1EFF,U+2020,U+20A0-20AB,U+20AD-20CF,U+2113,U+2C60-2C7F,U+A720-A7FF; } /* vietnamese */ @font-face { font-family: 'Nunito'; font-style: normal; font-weight: 400; font-stretch: 100%; src: url(https://fonts.bunny.net/nunito/files/nunito-vietnamese-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/nunito/files/nunito-vietnamese-400-normal.woff) format('woff'); unicode-range: U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB; } /* cyrillic-ext */ @font-face { font-family: 'Nunito'; font-style: normal; font-weight: 400; font-stretch: 100%; src: url(https://fonts.bunny.net/nunito/files/nunito-cyrillic-ext-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/nunito/files/nunito-cyrillic-ext-400-normal.woff) format('woff'); unicode-range: U+0460-052F,U+1C80-1C88,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F; }Evidence BunnyCDN-PH1-970Solution Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
-
-
-
https://fair-communications.net (1)
-
Strict-Transport-Security Header Not Set (1)
-
GET https://fair-communications.net/
Alert tags Alert description HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.
Request Request line and header section (478 bytes)
GET https://fair-communications.net/ HTTP/1.1 host: fair-communications.net User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: ja,en-US;q=0.7,en;q=0.3 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Priority: u=1Request body (0 bytes)
Response Status line and header section (1136 bytes)
HTTP/1.1 200 OK Server: nginx Date: Mon, 15 Jul 2024 08:39:19 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding Cache-Control: no-cache, private Set-Cookie: XSRF-TOKEN=eyJpdiI6ImNzaFdKeUNzMEo3eC9Na0xQNFIxenc9PSIsInZhbHVlIjoiTnpPWHFvVkh0Nm1WNkZwMWJjYUtGVWF3SlduL01PTW1IT2lhT1NhL21HWjROSlBjT2c0NWVqbThvYjlYN1VNSW51YmxxcEhlT1JIU0JheTdBMjE0am42Z3dmcnR2UDZqSEpseC91VGtLMlFIVTFlaGE3UHBNK0l2U0ZsKzFPeDkiLCJtYWMiOiJhMWVmMDgxOTcwYTM0NGU0MjJmZjBmYTcwODRjYmQ4YTM1MmViMzc5NzAxNmZlYTAyNThmMTBlYjczZDkzN2JkIiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: fair_communicationsnet_session=eyJpdiI6ImwyUmd5YTRTOVdHdEs4SG9pU1FpR0E9PSIsInZhbHVlIjoiWStTU1ZLcjVYQmxyamdkejlyZ1hoUGREZ2pVaStKT3d2TUpRVmw5WTlGR2FCRmIzbHlTdDRqVlNNWFh4bHE5QS9pSExPZjJ0dXhYdGMrUXNqcE51UzViM2s3YWYzem02SzlUWFltcUFYNnF6bGpHYmdYdm1sbnZMSVhRZjQ0azgiLCJtYWMiOiJjNGU1ZTBjYWRlOWM5ODg2ZmI5MGU4N2EwYzAzMmI0YjNkNTNlYzc5NTlkMTIyZDNlMmRiNmQ3M2IxNzMwNmE0IiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax content-length: 3560Response body (3560 bytes)
<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- CSRF Token --> <meta name="csrf-token" content="VlHd9bUtvAPptwNCmN4codUqBjpPXLQdpFKhDmVp"> <meta name="description" content="フェア・コミュニケーションズの紹介"> <title>fair-communications.net - top</title> <!-- Fonts --> <link rel="dns-prefetch" href="//fonts.bunny.net"> <link href="https://fonts.bunny.net/css?family=Nunito" rel="stylesheet"> <!-- Scripts --> <link rel="preload" as="style" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="preload" as="style" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /> </head> <body> <div id="app"> <nav class="navbar navbar-expand-md sticky-top navbar-light bg-light"> <a class="navbar-brand" href="https://fair-communications.net"> fair-communications.net </a> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarToggler" aria-controls="navbarToggler" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarToggler"> <!-- Left Side Of Navbar --> <ul class="navbar-nav mr-auto"> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link active " href="https://fair-communications.net"> トップ </a> </li> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link " href="https://fair-communications.net/vulnerability-scan-service"> ウェブサイトの健康診断サービス </a> </li> </ul> <!-- Right Side Of Navbar --> <ul class="navbar-nav ml-auto"> <!-- Authentication Links --> </ul> </div> </nav> <main class=""> <div class="container"> <section class="mt-0 mb-5"> <h1 class="display-4 pb-2">フェア・コミュニケーションズ</h1> </section> <section class="mt-5 mb-5"> <h2 class="display-5 pb-2">ウェブサイトの健康診断サービス</h2> <p> ウェブサイトのセキュリティの向上のために、『ウェブサイトの健康診断サービス』を提供します。 </p> </section> </div> </main> <footer class="app-footer text-center"> <strong> Copyright © 2024 <a href="https://fair-communications.net" class="text-decoration-none">fair-communications.net</a>. </strong> All rights reserved. </footer> </div> <script type="text/javascript" src="https://fair-communications.net/js/jquery.slim.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/bootstrap.bundle.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/adminlte.min.js"></script> </body> </html>Solution Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.
-
-
-
-
Risk = Low , Confidence = Medium (3)
-
https://fair-communications.net (3)
-
Cookie No HttpOnly Flag (1)
-
GET https://fair-communications.net/
Alert tags Alert description A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.
Request Request line and header section (478 bytes)
GET https://fair-communications.net/ HTTP/1.1 host: fair-communications.net User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: ja,en-US;q=0.7,en;q=0.3 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Priority: u=1Request body (0 bytes)
Response Status line and header section (1136 bytes)
HTTP/1.1 200 OK Server: nginx Date: Mon, 15 Jul 2024 08:39:19 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding Cache-Control: no-cache, private Set-Cookie: XSRF-TOKEN=eyJpdiI6ImNzaFdKeUNzMEo3eC9Na0xQNFIxenc9PSIsInZhbHVlIjoiTnpPWHFvVkh0Nm1WNkZwMWJjYUtGVWF3SlduL01PTW1IT2lhT1NhL21HWjROSlBjT2c0NWVqbThvYjlYN1VNSW51YmxxcEhlT1JIU0JheTdBMjE0am42Z3dmcnR2UDZqSEpseC91VGtLMlFIVTFlaGE3UHBNK0l2U0ZsKzFPeDkiLCJtYWMiOiJhMWVmMDgxOTcwYTM0NGU0MjJmZjBmYTcwODRjYmQ4YTM1MmViMzc5NzAxNmZlYTAyNThmMTBlYjczZDkzN2JkIiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: fair_communicationsnet_session=eyJpdiI6ImwyUmd5YTRTOVdHdEs4SG9pU1FpR0E9PSIsInZhbHVlIjoiWStTU1ZLcjVYQmxyamdkejlyZ1hoUGREZ2pVaStKT3d2TUpRVmw5WTlGR2FCRmIzbHlTdDRqVlNNWFh4bHE5QS9pSExPZjJ0dXhYdGMrUXNqcE51UzViM2s3YWYzem02SzlUWFltcUFYNnF6bGpHYmdYdm1sbnZMSVhRZjQ0azgiLCJtYWMiOiJjNGU1ZTBjYWRlOWM5ODg2ZmI5MGU4N2EwYzAzMmI0YjNkNTNlYzc5NTlkMTIyZDNlMmRiNmQ3M2IxNzMwNmE0IiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax content-length: 3560Response body (3560 bytes)
<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- CSRF Token --> <meta name="csrf-token" content="VlHd9bUtvAPptwNCmN4codUqBjpPXLQdpFKhDmVp"> <meta name="description" content="フェア・コミュニケーションズの紹介"> <title>fair-communications.net - top</title> <!-- Fonts --> <link rel="dns-prefetch" href="//fonts.bunny.net"> <link href="https://fonts.bunny.net/css?family=Nunito" rel="stylesheet"> <!-- Scripts --> <link rel="preload" as="style" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="preload" as="style" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /> </head> <body> <div id="app"> <nav class="navbar navbar-expand-md sticky-top navbar-light bg-light"> <a class="navbar-brand" href="https://fair-communications.net"> fair-communications.net </a> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarToggler" aria-controls="navbarToggler" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarToggler"> <!-- Left Side Of Navbar --> <ul class="navbar-nav mr-auto"> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link active " href="https://fair-communications.net"> トップ </a> </li> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link " href="https://fair-communications.net/vulnerability-scan-service"> ウェブサイトの健康診断サービス </a> </li> </ul> <!-- Right Side Of Navbar --> <ul class="navbar-nav ml-auto"> <!-- Authentication Links --> </ul> </div> </nav> <main class=""> <div class="container"> <section class="mt-0 mb-5"> <h1 class="display-4 pb-2">フェア・コミュニケーションズ</h1> </section> <section class="mt-5 mb-5"> <h2 class="display-5 pb-2">ウェブサイトの健康診断サービス</h2> <p> ウェブサイトのセキュリティの向上のために、『ウェブサイトの健康診断サービス』を提供します。 </p> </section> </div> </main> <footer class="app-footer text-center"> <strong> Copyright © 2024 <a href="https://fair-communications.net" class="text-decoration-none">fair-communications.net</a>. </strong> All rights reserved. </footer> </div> <script type="text/javascript" src="https://fair-communications.net/js/jquery.slim.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/bootstrap.bundle.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/adminlte.min.js"></script> </body> </html>Parameter XSRF-TOKENEvidence Set-Cookie: XSRF-TOKENSolution Ensure that the HttpOnly flag is set for all cookies.
-
-
Cookie Without Secure Flag (1)
-
GET https://fair-communications.net/
Alert tags Alert description A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.
Request Request line and header section (478 bytes)
GET https://fair-communications.net/ HTTP/1.1 host: fair-communications.net User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: ja,en-US;q=0.7,en;q=0.3 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Priority: u=1Request body (0 bytes)
Response Status line and header section (1136 bytes)
HTTP/1.1 200 OK Server: nginx Date: Mon, 15 Jul 2024 08:39:19 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding Cache-Control: no-cache, private Set-Cookie: XSRF-TOKEN=eyJpdiI6ImNzaFdKeUNzMEo3eC9Na0xQNFIxenc9PSIsInZhbHVlIjoiTnpPWHFvVkh0Nm1WNkZwMWJjYUtGVWF3SlduL01PTW1IT2lhT1NhL21HWjROSlBjT2c0NWVqbThvYjlYN1VNSW51YmxxcEhlT1JIU0JheTdBMjE0am42Z3dmcnR2UDZqSEpseC91VGtLMlFIVTFlaGE3UHBNK0l2U0ZsKzFPeDkiLCJtYWMiOiJhMWVmMDgxOTcwYTM0NGU0MjJmZjBmYTcwODRjYmQ4YTM1MmViMzc5NzAxNmZlYTAyNThmMTBlYjczZDkzN2JkIiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: fair_communicationsnet_session=eyJpdiI6ImwyUmd5YTRTOVdHdEs4SG9pU1FpR0E9PSIsInZhbHVlIjoiWStTU1ZLcjVYQmxyamdkejlyZ1hoUGREZ2pVaStKT3d2TUpRVmw5WTlGR2FCRmIzbHlTdDRqVlNNWFh4bHE5QS9pSExPZjJ0dXhYdGMrUXNqcE51UzViM2s3YWYzem02SzlUWFltcUFYNnF6bGpHYmdYdm1sbnZMSVhRZjQ0azgiLCJtYWMiOiJjNGU1ZTBjYWRlOWM5ODg2ZmI5MGU4N2EwYzAzMmI0YjNkNTNlYzc5NTlkMTIyZDNlMmRiNmQ3M2IxNzMwNmE0IiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax content-length: 3560Response body (3560 bytes)
<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- CSRF Token --> <meta name="csrf-token" content="VlHd9bUtvAPptwNCmN4codUqBjpPXLQdpFKhDmVp"> <meta name="description" content="フェア・コミュニケーションズの紹介"> <title>fair-communications.net - top</title> <!-- Fonts --> <link rel="dns-prefetch" href="//fonts.bunny.net"> <link href="https://fonts.bunny.net/css?family=Nunito" rel="stylesheet"> <!-- Scripts --> <link rel="preload" as="style" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="preload" as="style" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /> </head> <body> <div id="app"> <nav class="navbar navbar-expand-md sticky-top navbar-light bg-light"> <a class="navbar-brand" href="https://fair-communications.net"> fair-communications.net </a> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarToggler" aria-controls="navbarToggler" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarToggler"> <!-- Left Side Of Navbar --> <ul class="navbar-nav mr-auto"> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link active " href="https://fair-communications.net"> トップ </a> </li> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link " href="https://fair-communications.net/vulnerability-scan-service"> ウェブサイトの健康診断サービス </a> </li> </ul> <!-- Right Side Of Navbar --> <ul class="navbar-nav ml-auto"> <!-- Authentication Links --> </ul> </div> </nav> <main class=""> <div class="container"> <section class="mt-0 mb-5"> <h1 class="display-4 pb-2">フェア・コミュニケーションズ</h1> </section> <section class="mt-5 mb-5"> <h2 class="display-5 pb-2">ウェブサイトの健康診断サービス</h2> <p> ウェブサイトのセキュリティの向上のために、『ウェブサイトの健康診断サービス』を提供します。 </p> </section> </div> </main> <footer class="app-footer text-center"> <strong> Copyright © 2024 <a href="https://fair-communications.net" class="text-decoration-none">fair-communications.net</a>. </strong> All rights reserved. </footer> </div> <script type="text/javascript" src="https://fair-communications.net/js/jquery.slim.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/bootstrap.bundle.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/adminlte.min.js"></script> </body> </html>Parameter fair_communicationsnet_sessionEvidence Set-Cookie: fair_communicationsnet_sessionSolution Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
-
-
X-Content-Type-Options Header Missing (1)
-
GET https://fair-communications.net/
Alert tags Alert description The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
Other info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.
At "High" threshold this scan rule will not alert on client or server error responses.
Request Request line and header section (478 bytes)
GET https://fair-communications.net/ HTTP/1.1 host: fair-communications.net User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: ja,en-US;q=0.7,en;q=0.3 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Priority: u=1Request body (0 bytes)
Response Status line and header section (1136 bytes)
HTTP/1.1 200 OK Server: nginx Date: Mon, 15 Jul 2024 08:39:19 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding Cache-Control: no-cache, private Set-Cookie: XSRF-TOKEN=eyJpdiI6ImNzaFdKeUNzMEo3eC9Na0xQNFIxenc9PSIsInZhbHVlIjoiTnpPWHFvVkh0Nm1WNkZwMWJjYUtGVWF3SlduL01PTW1IT2lhT1NhL21HWjROSlBjT2c0NWVqbThvYjlYN1VNSW51YmxxcEhlT1JIU0JheTdBMjE0am42Z3dmcnR2UDZqSEpseC91VGtLMlFIVTFlaGE3UHBNK0l2U0ZsKzFPeDkiLCJtYWMiOiJhMWVmMDgxOTcwYTM0NGU0MjJmZjBmYTcwODRjYmQ4YTM1MmViMzc5NzAxNmZlYTAyNThmMTBlYjczZDkzN2JkIiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: fair_communicationsnet_session=eyJpdiI6ImwyUmd5YTRTOVdHdEs4SG9pU1FpR0E9PSIsInZhbHVlIjoiWStTU1ZLcjVYQmxyamdkejlyZ1hoUGREZ2pVaStKT3d2TUpRVmw5WTlGR2FCRmIzbHlTdDRqVlNNWFh4bHE5QS9pSExPZjJ0dXhYdGMrUXNqcE51UzViM2s3YWYzem02SzlUWFltcUFYNnF6bGpHYmdYdm1sbnZMSVhRZjQ0azgiLCJtYWMiOiJjNGU1ZTBjYWRlOWM5ODg2ZmI5MGU4N2EwYzAzMmI0YjNkNTNlYzc5NTlkMTIyZDNlMmRiNmQ3M2IxNzMwNmE0IiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax content-length: 3560Response body (3560 bytes)
<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- CSRF Token --> <meta name="csrf-token" content="VlHd9bUtvAPptwNCmN4codUqBjpPXLQdpFKhDmVp"> <meta name="description" content="フェア・コミュニケーションズの紹介"> <title>fair-communications.net - top</title> <!-- Fonts --> <link rel="dns-prefetch" href="//fonts.bunny.net"> <link href="https://fonts.bunny.net/css?family=Nunito" rel="stylesheet"> <!-- Scripts --> <link rel="preload" as="style" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="preload" as="style" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /> </head> <body> <div id="app"> <nav class="navbar navbar-expand-md sticky-top navbar-light bg-light"> <a class="navbar-brand" href="https://fair-communications.net"> fair-communications.net </a> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarToggler" aria-controls="navbarToggler" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarToggler"> <!-- Left Side Of Navbar --> <ul class="navbar-nav mr-auto"> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link active " href="https://fair-communications.net"> トップ </a> </li> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link " href="https://fair-communications.net/vulnerability-scan-service"> ウェブサイトの健康診断サービス </a> </li> </ul> <!-- Right Side Of Navbar --> <ul class="navbar-nav ml-auto"> <!-- Authentication Links --> </ul> </div> </nav> <main class=""> <div class="container"> <section class="mt-0 mb-5"> <h1 class="display-4 pb-2">フェア・コミュニケーションズ</h1> </section> <section class="mt-5 mb-5"> <h2 class="display-5 pb-2">ウェブサイトの健康診断サービス</h2> <p> ウェブサイトのセキュリティの向上のために、『ウェブサイトの健康診断サービス』を提供します。 </p> </section> </div> </main> <footer class="app-footer text-center"> <strong> Copyright © 2024 <a href="https://fair-communications.net" class="text-decoration-none">fair-communications.net</a>. </strong> All rights reserved. </footer> </div> <script type="text/javascript" src="https://fair-communications.net/js/jquery.slim.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/bootstrap.bundle.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/adminlte.min.js"></script> </body> </html>Parameter x-content-type-optionsSolution Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.
If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
-
-
-
-
Risk = Informational , Confidence = Medium (2)
-
https://fair-communications.net (2)
-
Session Management Response Identified (1)
-
GET https://fair-communications.net/
Alert tags Alert description The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to "Auto-Detect" then this rule will change the session management to use the tokens identified.
Other info cookie:fair_communicationsnet_session
cookie:XSRF-TOKEN
Request Request line and header section (478 bytes)
GET https://fair-communications.net/ HTTP/1.1 host: fair-communications.net User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: ja,en-US;q=0.7,en;q=0.3 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Priority: u=1Request body (0 bytes)
Response Status line and header section (1136 bytes)
HTTP/1.1 200 OK Server: nginx Date: Mon, 15 Jul 2024 08:39:19 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding Cache-Control: no-cache, private Set-Cookie: XSRF-TOKEN=eyJpdiI6ImNzaFdKeUNzMEo3eC9Na0xQNFIxenc9PSIsInZhbHVlIjoiTnpPWHFvVkh0Nm1WNkZwMWJjYUtGVWF3SlduL01PTW1IT2lhT1NhL21HWjROSlBjT2c0NWVqbThvYjlYN1VNSW51YmxxcEhlT1JIU0JheTdBMjE0am42Z3dmcnR2UDZqSEpseC91VGtLMlFIVTFlaGE3UHBNK0l2U0ZsKzFPeDkiLCJtYWMiOiJhMWVmMDgxOTcwYTM0NGU0MjJmZjBmYTcwODRjYmQ4YTM1MmViMzc5NzAxNmZlYTAyNThmMTBlYjczZDkzN2JkIiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: fair_communicationsnet_session=eyJpdiI6ImwyUmd5YTRTOVdHdEs4SG9pU1FpR0E9PSIsInZhbHVlIjoiWStTU1ZLcjVYQmxyamdkejlyZ1hoUGREZ2pVaStKT3d2TUpRVmw5WTlGR2FCRmIzbHlTdDRqVlNNWFh4bHE5QS9pSExPZjJ0dXhYdGMrUXNqcE51UzViM2s3YWYzem02SzlUWFltcUFYNnF6bGpHYmdYdm1sbnZMSVhRZjQ0azgiLCJtYWMiOiJjNGU1ZTBjYWRlOWM5ODg2ZmI5MGU4N2EwYzAzMmI0YjNkNTNlYzc5NTlkMTIyZDNlMmRiNmQ3M2IxNzMwNmE0IiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax content-length: 3560Response body (3560 bytes)
<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- CSRF Token --> <meta name="csrf-token" content="VlHd9bUtvAPptwNCmN4codUqBjpPXLQdpFKhDmVp"> <meta name="description" content="フェア・コミュニケーションズの紹介"> <title>fair-communications.net - top</title> <!-- Fonts --> <link rel="dns-prefetch" href="//fonts.bunny.net"> <link href="https://fonts.bunny.net/css?family=Nunito" rel="stylesheet"> <!-- Scripts --> <link rel="preload" as="style" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="preload" as="style" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /> </head> <body> <div id="app"> <nav class="navbar navbar-expand-md sticky-top navbar-light bg-light"> <a class="navbar-brand" href="https://fair-communications.net"> fair-communications.net </a> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarToggler" aria-controls="navbarToggler" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarToggler"> <!-- Left Side Of Navbar --> <ul class="navbar-nav mr-auto"> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link active " href="https://fair-communications.net"> トップ </a> </li> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link " href="https://fair-communications.net/vulnerability-scan-service"> ウェブサイトの健康診断サービス </a> </li> </ul> <!-- Right Side Of Navbar --> <ul class="navbar-nav ml-auto"> <!-- Authentication Links --> </ul> </div> </nav> <main class=""> <div class="container"> <section class="mt-0 mb-5"> <h1 class="display-4 pb-2">フェア・コミュニケーションズ</h1> </section> <section class="mt-5 mb-5"> <h2 class="display-5 pb-2">ウェブサイトの健康診断サービス</h2> <p> ウェブサイトのセキュリティの向上のために、『ウェブサイトの健康診断サービス』を提供します。 </p> </section> </div> </main> <footer class="app-footer text-center"> <strong> Copyright © 2024 <a href="https://fair-communications.net" class="text-decoration-none">fair-communications.net</a>. </strong> All rights reserved. </footer> </div> <script type="text/javascript" src="https://fair-communications.net/js/jquery.slim.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/bootstrap.bundle.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/adminlte.min.js"></script> </body> </html>Parameter fair_communicationsnet_sessionEvidence eyJpdiI6ImwyUmd5YTRTOVdHdEs4SG9pU1FpR0E9PSIsInZhbHVlIjoiWStTU1ZLcjVYQmxyamdkejlyZ1hoUGREZ2pVaStKT3d2TUpRVmw5WTlGR2FCRmIzbHlTdDRqVlNNWFh4bHE5QS9pSExPZjJ0dXhYdGMrUXNqcE51UzViM2s3YWYzem02SzlUWFltcUFYNnF6bGpHYmdYdm1sbnZMSVhRZjQ0azgiLCJtYWMiOiJjNGU1ZTBjYWRlOWM5ODg2ZmI5MGU4N2EwYzAzMmI0YjNkNTNlYzc5NTlkMTIyZDNlMmRiNmQ3M2IxNzMwNmE0IiwidGFnIjoiIn0%3DSolution This is an informational alert rather than a vulnerability and so there is nothing to fix.
-
-
User Agent Fuzzer (1)
-
GET https://fair-communications.net
Alert tags Alert description Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.
Request Request line and header section (443 bytes)
GET https://fair-communications.net HTTP/1.1 host: fair-communications.net user-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: ja,en-US;q=0.7,en;q=0.3 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Priority: u=1Request body (0 bytes)
Response Status line and header section (1136 bytes)
HTTP/1.1 200 OK Server: nginx Date: Mon, 15 Jul 2024 08:41:34 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding Cache-Control: no-cache, private Set-Cookie: XSRF-TOKEN=eyJpdiI6IlM0L3BKYUlhRFBkb2lGUUE2Yktmbnc9PSIsInZhbHVlIjoiSThFbmJGVFdhajRLSXF0T2lwa3Mzd3VydlVTclNXSUkzTmlwaUZIL0JoN0RkUTBleEJTVlVNS2JjeEZmN2hPZGlhM2kvNWlHWWhFZFoyQ2NxUGJNcnJVcjNMSFRMQ2VIckRtSXdYbnlxZnRHMndOVlZiT2RKK3Q3N3NmOEdRa3YiLCJtYWMiOiJjYzdkODdiZGM0NTgzN2Y5YTQ5YTJhODExN2M0OTk3MTlhOWNjM2Y0Mzg5MWY0YzUxYzQ4NzljMzk0MWQ3NmFjIiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:41:34 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: fair_communicationsnet_session=eyJpdiI6IndQMkRPb3ByaHhTN1FDL2M5Qkp2WGc9PSIsInZhbHVlIjoibzdvV2E3MldNQ2prYmJ6WS8vRTZQSUhxVjNONlZ0K2R3eEpBQ3JtVFhuVFlZTE8vcWRpRFpKRFZqeklVelloeVZUSjVpY0d2bTg0SXNiV01vTVdjTkcxNmlTRUNzZE5QS0RORVd2N09FYmZZZ3NGWkZobGR1Qld0Qk1XdEVHZ3IiLCJtYWMiOiI1NGM2NjE4M2RkNGFiODdhMmFmZWI0Y2I1YTJiM2U0M2ZkMGI2YTdmNWNlNDgwZjhkYjZjM2YwZTAwYWEzNDY2IiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:41:34 GMT; Max-Age=7200; path=/; httponly; samesite=lax content-length: 3560Response body (3560 bytes)
<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- CSRF Token --> <meta name="csrf-token" content="OeyP8sBvfmP5Ov95J3JHreCmHkzLiiqM6O8w0Nat"> <meta name="description" content="フェア・コミュニケーションズの紹介"> <title>fair-communications.net - top</title> <!-- Fonts --> <link rel="dns-prefetch" href="//fonts.bunny.net"> <link href="https://fonts.bunny.net/css?family=Nunito" rel="stylesheet"> <!-- Scripts --> <link rel="preload" as="style" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="preload" as="style" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /> </head> <body> <div id="app"> <nav class="navbar navbar-expand-md sticky-top navbar-light bg-light"> <a class="navbar-brand" href="https://fair-communications.net"> fair-communications.net </a> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarToggler" aria-controls="navbarToggler" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarToggler"> <!-- Left Side Of Navbar --> <ul class="navbar-nav mr-auto"> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link active " href="https://fair-communications.net"> トップ </a> </li> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link " href="https://fair-communications.net/vulnerability-scan-service"> ウェブサイトの健康診断サービス </a> </li> </ul> <!-- Right Side Of Navbar --> <ul class="navbar-nav ml-auto"> <!-- Authentication Links --> </ul> </div> </nav> <main class=""> <div class="container"> <section class="mt-0 mb-5"> <h1 class="display-4 pb-2">フェア・コミュニケーションズ</h1> </section> <section class="mt-5 mb-5"> <h2 class="display-5 pb-2">ウェブサイトの健康診断サービス</h2> <p> ウェブサイトのセキュリティの向上のために、『ウェブサイトの健康診断サービス』を提供します。 </p> </section> </div> </main> <footer class="app-footer text-center"> <strong> Copyright © 2024 <a href="https://fair-communications.net" class="text-decoration-none">fair-communications.net</a>. </strong> All rights reserved. </footer> </div> <script type="text/javascript" src="https://fair-communications.net/js/jquery.slim.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/bootstrap.bundle.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/adminlte.min.js"></script> </body> </html>Parameter Header User-AgentAttack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
-
-
-
-
Risk = Informational , Confidence = Low (2)
-
https://fair-communications.net (2)
-
Information Disclosure - Suspicious Comments (1)
-
GET https://fair-communications.net/js/adminlte.min.js
Alert tags Alert description The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.
Other info The following pattern was used: \bTODO\b and was detected in the element starting with: "!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("jquery")):"function"==typeof define&&defi", see evidence field for the suspicious comment/snippet.
Request Request line and header section (1134 bytes)
GET https://fair-communications.net/js/adminlte.min.js HTTP/1.1 host: fair-communications.net User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: */* Accept-Language: ja,en-US;q=0.7,en;q=0.3 Connection: keep-alive Referer: https://fair-communications.net/ Cookie: XSRF-TOKEN=eyJpdiI6ImNzaFdKeUNzMEo3eC9Na0xQNFIxenc9PSIsInZhbHVlIjoiTnpPWHFvVkh0Nm1WNkZwMWJjYUtGVWF3SlduL01PTW1IT2lhT1NhL21HWjROSlBjT2c0NWVqbThvYjlYN1VNSW51YmxxcEhlT1JIU0JheTdBMjE0am42Z3dmcnR2UDZqSEpseC91VGtLMlFIVTFlaGE3UHBNK0l2U0ZsKzFPeDkiLCJtYWMiOiJhMWVmMDgxOTcwYTM0NGU0MjJmZjBmYTcwODRjYmQ4YTM1MmViMzc5NzAxNmZlYTAyNThmMTBlYjczZDkzN2JkIiwidGFnIjoiIn0%3D; fair_communicationsnet_session=eyJpdiI6ImwyUmd5YTRTOVdHdEs4SG9pU1FpR0E9PSIsInZhbHVlIjoiWStTU1ZLcjVYQmxyamdkejlyZ1hoUGREZ2pVaStKT3d2TUpRVmw5WTlGR2FCRmIzbHlTdDRqVlNNWFh4bHE5QS9pSExPZjJ0dXhYdGMrUXNqcE51UzViM2s3YWYzem02SzlUWFltcUFYNnF6bGpHYmdYdm1sbnZMSVhRZjQ0azgiLCJtYWMiOiJjNGU1ZTBjYWRlOWM5ODg2ZmI5MGU4N2EwYzAzMmI0YjNkNTNlYzc5NTlkMTIyZDNlMmRiNmQ3M2IxNzMwNmE0IiwidGFnIjoiIn0%3D Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-originRequest body (0 bytes)
Response Status line and header section (346 bytes)
HTTP/1.1 200 OK Server: nginx Date: Mon, 15 Jul 2024 08:39:20 GMT Content-Type: application/javascript Content-Length: 46369 Connection: keep-alive Vary: Accept-Encoding Last-Modified: Mon, 15 Jul 2024 08:01:25 GMT ETag: "b521-61d44a2b72781" Expires: Mon, 22 Jul 2024 08:39:20 GMT Cache-Control: max-age=604800 Accept-Ranges: bytesResponse body (46369 bytes)
/*! * AdminLTE v3.2.0 (https://adminlte.io) * Copyright 2014-2022 Colorlib <https://colorlib.com> * Licensed under MIT (https://github.com/ColorlibHQ/AdminLTE/blob/master/LICENSE) */ !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("jquery")):"function"==typeof define&&define.amd?define(["exports","jquery"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).adminlte={},e.jQuery)}(this,(function(e,t){"use strict";function a(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var n=a(t),i="CardRefresh",o="lte.cardrefresh",l=n.default.fn[i],s="card",r='[data-card-widget="card-refresh"]',d={source:"",sourceSelector:"",params:{},trigger:r,content:".card-body",loadInContent:!0,loadOnInit:!0,loadErrorTemplate:!0,responseType:"",overlayTemplate:'<div class="overlay"><i class="fas fa-2x fa-sync-alt fa-spin"></i></div>',errorTemplate:'<span class="text-danger"></span>',onLoadStart:function(){},onLoadDone:function(e){return e},onLoadFail:function(e,t,a){}},f=function(){function e(e,t){if(this._element=e,this._parent=e.parents(".card").first(),this._settings=n.default.extend({},d,t),this._overlay=n.default(this._settings.overlayTemplate),e.hasClass(s)&&(this._parent=e),""===this._settings.source)throw new Error("Source url was not defined. Please specify a url in your CardRefresh source option.")}var t=e.prototype;return t.load=function(){var e=this;this._addOverlay(),this._settings.onLoadStart.call(n.default(this)),n.default.get(this._settings.source,this._settings.params,(function(t){e._settings.loadInContent&&(""!==e._settings.sourceSelector&&(t=n.default(t).find(e._settings.sourceSelector).html()),e._parent.find(e._settings.content).html(t)),e._settings.onLoadDone.call(n.default(e),t),e._removeOverlay()}),""!==this._settings.responseType&&this._settings.responseType).fail((function(t,a,i){if(e._removeOverlay(),e._settings.loadErrorTemplate){var o=n.default(e._settings.errorTemplate).text(i);e._parent.find(e._settings.content).empty().append(o)}e._settings.onLoadFail.call(n.default(e),t,a,i)})),n.default(this._element).trigger(n.default.Event("loaded.lte.cardrefresh"))},t._addOverlay=function(){this._parent.append(this._overlay),n.default(this._element).trigger(n.default.Event("overlay.added.lte.cardrefresh"))},t._removeOverlay=function(){this._parent.find(this._overlay).remove(),n.default(this._element).trigger(n.default.Event("overlay.removed.lte.cardrefresh"))},t._init=function(){var e=this;n.default(this).find(this._settings.trigger).on("click",(function(){e.load()})),this._settings.loadOnInit&&this.load()},e._jQueryInterface=function(t){var a=n.default(this).data(o),i=n.default.extend({},d,n.default(this).data());a||(a=new e(n.default(this),i),n.default(this).data(o,"string"==typeof t?a:t)),"string"==typeof t&&/load/.test(t)?a[t]():a._init(n.default(this))},e}();n.default(document).on("click",r,(function(e){e&&e.preventDefault(),f._jQueryInterface.call(n.default(this),"load")})),n.default((function(){n.default(r).each((function(){f._jQueryInterface.call(n.default(this))}))})),n.default.fn[i]=f._jQueryInterface,n.default.fn[i].Constructor=f,n.default.fn[i].noConflict=function(){return n.default.fn[i]=l,f._jQueryInterface};var u="CardWidget",c="lte.cardwidget",h=n.default.fn[u],g="card",p="collapsed-card",m="collapsing-card",v="expanding-card",_="was-collapsed",b="maximized-card",y='[data-card-widget="remove"]',C='[data-card-widget="collapse"]',w='[data-card-widget="maximize"]',x={animationSpeed:"normal",collapseTrigger:C,removeTrigger:y,maximizeTrigger:w,collapseIcon:"fa-minus",expandIcon:"fa-plus",maximizeIcon:"fa-expand",minimizeIcon:"fa-compress"},I=function(){function e(e,t){this._element=e,this._parent=e.parents(".card").first(),e.hasClass(g)&&(this._parent=e),this._settings=n.default.extend({},x,t)}var t=e.prototype;return t.collapse=function(){var e=this;this._parent.addClass(m).children(".card-body, .card-footer").slideUp(this._settings.animationSpeed,(function(){e._parent.addClass(p).removeClass(m)})),this._parent.find("> .card-header "+this._settings.collapseTrigger+" ."+this._settings.collapseIcon).addClass(this._settings.expandIcon).removeClass(this._settings.collapseIcon),this._element.trigger(n.default.Event("collapsed.lte.cardwidget"),this._parent)},t.expand=function(){var e=this;this._parent.addClass(v).children(".card-body, .card-footer").slideDown(this._settings.animationSpeed,(function(){e._parent.removeClass(p).removeClass(v)})),this._parent.find("> .card-header "+this._settings.collapseTrigger+" ."+this._settings.expandIcon).addClass(this._settings.collapseIcon).removeClass(this._settings.expandIcon),this._element.trigger(n.default.Event("expanded.lte.cardwidget"),this._parent)},t.remove=function(){this._parent.slideUp(),this._element.trigger(n.default.Event("removed.lte.cardwidget"),this._parent)},t.toggle=function(){this._parent.hasClass(p)?this.expand():this.collapse()},t.maximize=function(){this._parent.find(this._settings.maximizeTrigger+" ."+this._settings.maximizeIcon).addClass(this._settings.minimizeIcon).removeClass(this._settings.maximizeIcon),this._parent.css({height:this._parent.height(),width:this._parent.width(),transition:"all .15s"}).delay(150).queue((function(){var e=n.default(this);e.addClass(b),n.default("html").addClass(b),e.hasClass(p)&&e.addClass(_),e.dequeue()})),this._element.trigger(n.default.Event("maximized.lte.cardwidget"),this._parent)},t.minimize=function(){this._parent.find(this._settings.maximizeTrigger+" ."+this._settings.minimizeIcon).addClass(this._settings.maximizeIcon).removeClass(this._settings.minimizeIcon),this._parent.css("cssText","height: "+this._parent[0].style.height+" !important; width: "+this._parent[0].style.width+" !important; transition: all .15s;").delay(10).queue((function(){var e=n.default(this);e.removeClass(b),n.default("html").removeClass(b),e.css({height:"inherit",width:"inherit"}),e.hasClass(_)&&e.removeClass(_),e.dequeue()})),this._element.trigger(n.default.Event("minimized.lte.cardwidget"),this._parent)},t.toggleMaximize=function(){this._parent.hasClass(b)?this.minimize():this.maximize()},t._init=function(e){var t=this;this._parent=e,n.default(this).find(this._settings.collapseTrigger).click((function(){t.toggle()})),n.default(this).find(this._settings.maximizeTrigger).click((function(){t.toggleMaximize()})),n.default(this).find(this._settings.removeTrigger).click((function(){t.remove()}))},e._jQueryInterface=function(t){var a=n.default(this).data(c),i=n.default.extend({},x,n.default(this).data());a||(a=new e(n.default(this),i),n.default(this).data(c,"string"==typeof t?a:t)),"string"==typeof t&&/collapse|expand|remove|toggle|maximize|minimize|toggleMaximize/.test(t)?a[t]():"object"==typeof t&&a._init(n.default(this))},e}();n.default(document).on("click",C,(function(e){e&&e.preventDefault(),I._jQueryInterface.call(n.default(this),"toggle")})),n.default(document).on("click",y,(function(e){e&&e.preventDefault(),I._jQueryInterface.call(n.default(this),"remove")})),n.default(document).on("click",w,(function(e){e&&e.preventDefault(),I._jQueryInterface.call(n.default(this),"toggleMaximize")})),n.default.fn[u]=I._jQueryInterface,n.default.fn[u].Constructor=I,n.default.fn[u].noConflict=function(){return n.default.fn[u]=h,I._jQueryInterface};var T="ControlSidebar",S="lte.controlsidebar",j=n.default.fn[T],k=".control-sidebar",Q=".control-sidebar-content",H='[data-widget="control-sidebar"]',z=".main-header",F=".main-footer",E="control-sidebar-animate",L="control-sidebar-open",D="control-sidebar-slide-open",R="layout-fixed",A={controlsidebarSlide:!0,scrollbarTheme:"os-theme-light",scrollbarAutoHide:"l",target:k,animationSpeed:300},M=function(){function e(e,t){this._element=e,this._config=t}var t=e.prototype;return t.collapse=function(){var e=this,t=n.default("body"),a=n.default("html");this._config.controlsidebarSlide?(a.addClass(E),t.removeClass(D).delay(300).queue((function(){n.default(k).hide(),a.removeClass(E),n.default(this).dequeue()}))):t.removeClass(L),n.default(this._element).trigger(n.default.Event("collapsed.lte.controlsidebar")),setTimeout((function(){n.default(e._element).trigger(n.default.Event("collapsed-done.lte.controlsidebar"))}),this._config.animationSpeed)},t.show=function(e){void 0===e&&(e=!1);var t=n.default("body"),a=n.default("html");e&&n.default(k).hide(),this._config.controlsidebarSlide?(a.addClass(E),n.default(this._config.target).show().delay(10).queue((function(){t.addClass(D).delay(300).queue((function(){a.removeClass(E),n.default(this).dequeue()})),n.default(this).dequeue()}))):t.addClass(L),this._fixHeight(),this._fixScrollHeight(),n.default(this._element).trigger(n.default.Event("expanded.lte.controlsidebar"))},t.toggle=function(){var e=n.default("body"),t=this._config.target,a=!n.default(t).is(":visible"),i=e.hasClass(L)||e.hasClass(D),o=a&&(e.hasClass(L)||e.hasClass(D));a||o?this.show(a):i&&this.collapse()},t._init=function(){var e=this,t=n.default("body");t.hasClass(L)||t.hasClass(D)?(n.default(k).not(this._config.target).hide(),n.default(this._config.target).css("display","block")):n.default(k).hide(),this._fixHeight(),this._fixScrollHeight(),n.default(window).resize((function(){e._fixHeight(),e._fixScrollHeight()})),n.default(window).scroll((function(){var t=n.default("body");(t.hasClass(L)||t.hasClass(D))&&e._fixScrollHeight()}))},t._isNavbarFixed=function(){var e=n.default("body");return e.hasClass("layout-navbar-fixed")||e.hasClass("layout-sm-navbar-fixed")||e.hasClass("layout-md-navbar-fixed")||e.hasClass("layout-lg-navbar-fixed")||e.hasClass("layout-xl-navbar-fixed")},t._isFooterFixed=function(){var e=n.default("body");return e.hasClass("layout-footer-fixed")||e.hasClass("layout-sm-footer-fixed")||e.hasClass("layout-md-footer-fixed")||e.hasClass("layout-lg-footer-fixed")||e.hasClass("layout-xl-footer-fixed")},t._fixScrollHeight=function(){var e=n.default("body"),t=n.default(this._config.target);if(e.hasClass(R)){var a={scroll:n.default(document).height(),window:n.default(window).height(),header:n.default(z).outerHeight(),footer:n.default(F).outerHeight()},i=Math.abs(a.window+n.default(window).scrollTop()-a.scroll),o=n.default(window).scrollTop(),l=this._isNavbarFixed()&&"fixed"===n.default(z).css("position"),s=this._isFooterFixed()&&"fixed"===n.default(F).css("position"),r=n.default(this._config.target+", "+this._config.target+" "+Q);if(0===o&&0===i)t.css({bottom:a.footer,top:a.header}),r.css("height",a.window-(a.header+a.footer));else if(i<=a.footer)if(!1===s){var d=a.header-o;t.css("bottom",a.footer-i).css("top",d>=0?d:0),r.css("height",a.window-(a.footer-i))}else t.css("bottom",a.footer);else o<=a.header?!1===l?(t.css("top",a.header-o),r.css("height",a.window-(a.header-o))):t.css("top",a.header):!1===l?(t.css("top",0),r.css("height",a.window)):t.css("top",a.header);s&&l?(r.css("height","100%"),t.css("height","")):(s||l)&&(r.css("height","100%"),r.css("height",""))}},t._fixHeight=function(){var e=n.default("body"),t=n.default(this._config.target+" "+Q);if(e.hasClass(R)){var a=n.default(window).height(),i=n.default(z).outerHeight(),o=n.default(F).outerHeight(),l=a-i;this._isFooterFixed()&&"fixed"===n.default(F).css("position")&&(l=a-i-o),t.css("height",l),"undefined"!=typeof n.default.fn.overlayScrollbars&&t.overlayScrollbars({className:this._config.scrollbarTheme,sizeAutoCapable:!0,scrollbars:{autoHide:this._config.scrollbarAutoHide,clickScrolling:!0}})}else t.attr("style","")},e._jQueryInterface=function(t){return this.each((function(){var a=n.default(this).data(S),i=n.default.extend({},A,n.default(this).data());if(a||(a=new e(this,i),n.default(this).data(S,a)),"undefined"===a[t])throw new Error(t+" is not a function");a[t]()}))},e}();n.default(document).on("click",H,(function(e){e.preventDefault(),M._jQueryInterface.call(n.default(this),"toggle")})),n.default(document).ready((function(){M._jQueryInterface.call(n.default(H),"_init")})),n.default.fn[T]=M._jQueryInterface,n.default.fn[T].Constructor=M,n.default.fn[T].noConflict=function(){return n.default.fn[T]=j,M._jQueryInterface};var q="DirectChat",O="lte.directchat",N=n.default.fn[q],P=function(){function e(e){this._element=e}return e.prototype.toggle=function(){n.default(this._element).parents(".direct-chat").first().toggleClass("direct-chat-contacts-open"),n.default(this._element).trigger(n.default.Event("toggled.lte.directchat"))},e._jQueryInterface=function(t){return this.each((function(){var a=n.default(this).data(O);a||(a=new e(n.default(this)),n.default(this).data(O,a)),a[t]()}))},e}();n.default(document).on("click",'[data-widget="chat-pane-toggle"]',(function(e){e&&e.preventDefault(),P._jQueryInterface.call(n.default(this),"toggle")})),n.default.fn[q]=P._jQueryInterface,n.default.fn[q].Constructor=P,n.default.fn[q].noConflict=function(){return n.default.fn[q]=N,P._jQueryInterface};var U="Dropdown",B="lte.dropdown",$=n.default.fn[U],J=".dropdown-menu",W={},V=function(){function e(e,t){this._config=t,this._element=e}var t=e.prototype;return t.toggleSubmenu=function(){this._element.siblings().show().toggleClass("show"),this._element.next().hasClass("show")||this._element.parents(J).first().find(".show").removeClass("show").hide(),this._element.parents("li.nav-item.dropdown.show").on("hidden.bs.dropdown",(function(){n.default(".dropdown-submenu .show").removeClass("show").hide()}))},t.fixPosition=function(){var e=n.default(".dropdown-menu.show");if(0!==e.length){e.hasClass("dropdown-menu-right")?e.css({left:"inherit",right:0}):e.css({left:0,right:"inherit"});var t=e.offset(),a=e.width(),i=n.default(window).width()-t.left;t.left<0?e.css({left:"inherit",right:t.left-5}):i<a&&e.css({left:"inherit",right:0})}},e._jQueryInterface=function(t){return this.each((function(){var a=n.default(this).data(B),i=n.default.extend({},W,n.default(this).data());a||(a=new e(n.default(this),i),n.default(this).data(B,a)),"toggleSubmenu"!==t&&"fixPosition"!==t||a[t]()}))},e}();n.default('.dropdown-menu [data-toggle="dropdown"]').on("click",(function(e){e.preventDefault(),e.stopPropagation(),V._jQueryInterface.call(n.default(this),"toggleSubmenu")})),n.default('.navbar [data-toggle="dropdown"]').on("click",(function(e){e.preventDefault(),n.default(e.target).parent().hasClass("dropdown-submenu")||setTimeout((function(){V._jQueryInterface.call(n.default(this),"fixPosition")}),1)})),n.default.fn[U]=V._jQueryInterface,n.default.fn[U].Constructor=V,n.default.fn[U].noConflict=function(){return n.default.fn[U]=$,V._jQueryInterface};var G="ExpandableTable",K="lte.expandableTable",X=n.default.fn[G],Y=".expandable-body",Z='[data-widget="expandable-table"]',ee="aria-expanded",te=function(){function e(e,t){this._options=t,this._element=e}var t=e.prototype;return t.init=function(){n.default(Z).each((function(e,t){var a=n.default(t).attr(ee),i=n.default(t).next(Y).children().first().children();"true"===a?i.show():"false"===a&&(i.hide(),i.parent().parent().addClass("d-none"))}))},t.toggleRow=function(){var e=this._element;"TR"!==e[0].nodeName&&"TR"!==(e=e.parent())[0].nodeName&&(e=e.parent());var t=e.attr(ee),a=e.next(Y).children().first().children();a.stop(),"true"===t?(a.slideUp(500,(function(){e.next(Y).addClass("d-none")})),e.attr(ee,"false"),e.trigger(n.default.Event("collapsed.lte.expandableTable"))):"false"===t&&(e.next(Y).removeClass("d-none"),a.slideDown(500),e.attr(ee,"true"),e.trigger(n.default.Event("expanded.lte.expandableTable")))},e._jQueryInterface=function(t){return this.each((function(){var a=n.default(this).data(K);a||(a=new e(n.default(this)),n.default(this).data(K,a)),"string"==typeof t&&/init|toggleRow/.test(t)&&a[t]()}))},e}();n.default(".expandable-table").ready((function(){te._jQueryInterface.call(n.default(this),"init")})),n.default(document).on("click",Z,(function(){te._jQueryInterface.call(n.default(this),"toggleRow")})),n.default.fn[G]=te._jQueryInterface,n.default.fn[G].Constructor=te,n.default.fn[G].noConflict=function(){return n.default.fn[G]=X,te._jQueryInterface};var ae="Fullscreen",ne="lte.fullscreen",ie=n.default.fn[ae],oe='[data-widget="fullscreen"]',le=oe+" i",se={minimizeIcon:"fa-compress-arrows-alt",maximizeIcon:"fa-expand-arrows-alt"},re=function(){function e(e,t){this.element=e,this.options=n.default.extend({},se,t)}var t=e.prototype;return t.toggle=function(){document.fullscreenElement||document.mozFullScreenElement||document.webkitFullscreenElement||document.msFullscreenElement?this.windowed():this.fullscreen()},t.toggleIcon=function(){document.fullscreenElement||document.mozFullScreenElement||document.webkitFullscreenElement||document.msFullscreenElement?n.default(le).removeClass(this.options.maximizeIcon).addClass(this.options.minimizeIcon):n.default(le).removeClass(this.options.minimizeIcon).addClass(this.options.maximizeIcon)},t.fullscreen=function(){document.documentElement.requestFullscreen?document.documentElement.requestFullscreen():document.documentElement.webkitRequestFullscreen?document.documentElement.webkitRequestFullscreen():document.documentElement.msRequestFullscreen&&document.documentElement.msRequestFullscreen()},t.windowed=function(){document.exitFullscreen?document.exitFullscreen():document.webkitExitFullscreen?document.webkitExitFullscreen():document.msExitFullscreen&&document.msExitFullscreen()},e._jQueryInterface=function(t){var a=n.default(this).data(ne);a||(a=n.default(this).data());var i=n.default.extend({},se,"object"==typeof t?t:a),o=new e(n.default(this),i);n.default(this).data(ne,"object"==typeof t?t:a),"string"==typeof t&&/toggle|toggleIcon|fullscreen|windowed/.test(t)?o[t]():o.init()},e}();n.default(document).on("click",oe,(function(){re._jQueryInterface.call(n.default(this),"toggle")})),n.default(document).on("webkitfullscreenchange mozfullscreenchange fullscreenchange MSFullscreenChange",(function(){re._jQueryInterface.call(n.default(oe),"toggleIcon")})),n.default.fn[ae]=re._jQueryInterface,n.default.fn[ae].Constructor=re,n.default.fn[ae].noConflict=function(){return n.default.fn[ae]=ie,re._jQueryInterface};var de="lte.iframe",fe=n.default.fn.IFrame,ue='[data-widget="iframe"]',ce='[data-widget="iframe-fullscreen"]',he=".content-wrapper",ge=".content-wrapper iframe",pe=".content-wrapper.iframe-mode .nav",me=".content-wrapper.iframe-mode .navbar-nav",ve=me+" .nav-item",_e=me+" .nav-link",be=".content-wrapper.iframe-mode .tab-content",ye=be+" .tab-empty",Ce=be+" .tab-loading",we=be+" .tab-pane",xe=".main-sidebar .nav-item > a.nav-link",Ie=".main-header .nav-item a.nav-link",Te=".main-header a.dropdown-item",Se="iframe-mode",je="iframe-mode-fullscreen",ke={onTabClick:function(e){return e},onTabChanged:function(e){return e},onTabCreated:function(e){return e},autoIframeMode:!0,autoItemActive:!0,autoShowNewTab:!0,autoDarkMode:!1,allowDuplicates:!1,allowReload:!0,loadingScreen:!0,useNavbarItems:!0,scrollOffset:40,scrollBehaviorSwap:!1,iconMaximize:"fa-expand",iconMinimize:"fa-compress"},Qe=function(){function e(e,t){this._config=t,this._element=e,this._init()}var t=e.prototype;return t.onTabClick=function(e){this._config.onTabClick(e)},t.onTabChanged=function(e){this._config.onTabChanged(e)},t.onTabCreated=function(e){this._config.onTabCreated(e)},t.createTab=function(e,t,a,i){var o=this,l="panel-"+a,s="tab-"+a;this._config.allowDuplicates&&(l+="-"+Math.floor(1e3*Math.random()),s+="-"+Math.floor(1e3*Math.random()));var r='<li class="nav-item" role="presentation"><a href="#" class="btn-iframe-close" data-widget="iframe-close" data-type="only-this"><i class="fas fa-times"></i></a><a class="nav-link" data-toggle="row" id="'+s+'" href="#'+l+'" role="tab" aria-controls="'+l+'" aria-selected="false">'+e+"</a></li>";n.default(me).append(unescape(escape(r)));var d='<div class="tab-pane fade" id="'+l+'" role="tabpanel" aria-labelledby="'+s+'"><iframe src="'+t+'"></iframe></div>';if(n.default(be).append(unescape(escape(d))),i)if(this._config.loadingScreen){var f=n.default(Ce);f.fadeIn(),n.default(l+" iframe").ready((function(){"number"==typeof o._config.loadingScreen?(o.switchTab("#"+s),setTimeout((function(){f.fadeOut()}),o._config.loadingScreen)):(o.switchTab("#"+s),f.fadeOut())}))}else this.switchTab("#"+s);this.onTabCreated(n.default("#"+s))},t.openTabSidebar=function(e,t){void 0===t&&(t=this._config.autoShowNewTab);var a=n.default(e).clone();void 0===a.attr("href")&&(a=n.default(e).parent("a").clone()),a.find(".right, .search-path").remove();var i=a.find("p").text();""===i&&(i=a.text());var o=a.attr("href");if("#"!==o&&""!==o&&void 0!==o){var l=unescape(o).replace("./","").replace(/["#&'./:=?[\]]/gi,"-").replace(/(--)/gi,""),s="tab-"+l;if(!this._config.allowDuplicates&&n.default("#"+s).length>0)return this.switchTab("#"+s,this._config.allowReload);(!this._config.allowDuplicates&&0===n.default("#"+s).length||this._config.allowDuplicates)&&this.createTab(i,o,l,t)}},t.switchTab=function(e,t){var a=this;void 0===t&&(t=!1);var i=n.default(e),o=i.attr("href");if(n.default(ye).hide(),t){var l=n.default(Ce);this._config.loadingScreen?l.show(0,(function(){n.default(o+" iframe").attr("src",n.default(o+" iframe").attr("src")).ready((function(){a._config.loadingScreen&&("number"==typeof a._config.loadingScreen?setTimeout((function(){l.fadeOut()}),a._config.loadingScreen):l.fadeOut())}))})):n.default(o+" iframe").attr("src",n.default(o+" iframe").attr("src"))}n.default(me+" .active").tab("dispose").removeClass("active"),this._fixHeight(),i.tab("show"),i.parents("li").addClass("active"),this.onTabChanged(i),this._config.autoItemActive&&this._setItemActive(n.default(o+" iframe").attr("src"))},t.removeActiveTab=function(e,t){if("all"==e)n.default(ve).remove(),n.default(we).remove(),n.default(ye).show();else if("all-other"==e)n.default(ve+":not(.active)").remove(),n.default(we+":not(.active)").remove();else if("only-this"==e){var a=n.default(t),i=a.parent(".nav-item"),o=i.parent(),l=i.index(),s=a.siblings(".nav-link").attr("aria-controls");if(i.remove(),n.default("#"+s).remove(),n.default(be).children().length==n.default(ye+", "+Ce).length)n.default(ye).show();else{var r=l-1;this.switchTab(o.children().eq(r).find("a.nav-link"))}}else{var d=n.default(ve+".active"),f=d.parent(),u=d.index();if(d.remove(),n.default(we+".active").remove(),n.default(be).children().length==n.default(ye+", "+Ce).length)n.default(ye).show();else{var c=u-1;this.switchTab(f.children().eq(c).find("a.nav-link"))}}},t.toggleFullscreen=function(){n.default("body").hasClass(je)?(n.default(ce+" i").removeClass(this._config.iconMinimize).addClass(this._config.iconMaximize),n.default("body").removeClass(je),n.default(ye+", "+Ce).height("100%"),n.default(he).height("100%"),n.default(ge).height("100%")):(n.default(ce+" i").removeClass(this._config.iconMaximize).addClass(this._config.iconMinimize),n.default("body").addClass(je)),n.default(window).trigger("resize"),this._fixHeight(!0)},t._init=function(){var e=n.default(be).children().length>2;if(this._setupListeners(),this._fixHeight(!0),e){var t=n.default(""+we).first();console.log(t);var a="#tab-"+t.attr("id").replace("panel-","");this.switchTab(a,!0)}},t._initFrameElement=function(){if(window.frameElement&&this._config.autoIframeMode){var e=n.default("body");e.addClass(Se),this._config.autoDarkMode&&e.addClass("dark-mode")}},t._navScroll=function(e){var t=n.default(me).scrollLeft();n.default(me).animate({scrollLeft:t+e},250,"linear")},t._setupListeners=function(){var e=this;n.default(window).on("resize",(function(){setTimeout((function(){e._fixHeight()}),1)})),n.default(he).hasClass(Se)&&(n.default(document).on("click",xe+", .sidebar-search-results .list-group-item",(function(t){t.preventDefault(),e.openTabSidebar(t.target)})),this._config.useNavbarItems&&n.default(document).on("click",Ie+", "+Te,(function(t){t.preventDefault(),e.openTabSidebar(t.target)}))),n.default(document).on("click",_e,(function(t){t.preventDefault(),e.onTabClick(t.target),e.switchTab(t.target)})),n.default(document).on("click",_e,(function(t){t.preventDefault(),e.onTabClick(t.target),e.switchTab(t.target)})),n.default(document).on("click",'[data-widget="iframe-close"]',(function(t){t.preventDefault();var a=t.target;"I"==a.nodeName&&(a=t.target.offsetParent),e.removeActiveTab(a.attributes["data-type"]?a.attributes["data-type"].nodeValue:null,a)})),n.default(document).on("click",ce,(function(t){t.preventDefault(),e.toggleFullscreen()}));var t=!1,a=null;n.default(document).on("mousedown",'[data-widget="iframe-scrollleft"]',(function(n){n.preventDefault(),clearInterval(a);var i=e._config.scrollOffset;e._config.scrollBehaviorSwap||(i=-i),t=!0,e._navScroll(i),a=setInterval((function(){e._navScroll(i)}),250)})),n.default(document).on("mousedown",'[data-widget="iframe-scrollright"]',(function(n){n.preventDefault(),clearInterval(a);var i=e._config.scrollOffset;e._config.scrollBehaviorSwap&&(i=-i),t=!0,e._navScroll(i),a=setInterval((function(){e._navScroll(i)}),250)})),n.default(document).on("mouseup",(function(){t&&(t=!1,clearInterval(a),a=null)}))},t._setItemActive=function(e){n.default(xe+", "+Te).removeClass("active"),n.default(Ie).parent().removeClass("active");var t=n.default(Ie+'[href$="'+e+'"]'),a=n.default('.main-header a.dropdown-item[href$="'+e+'"]'),i=n.default(xe+'[href$="'+e+'"]');t.each((function(e,t){n.default(t).parent().addClass("active")})),a.each((function(e,t){n.default(t).addClass("active")})),i.each((function(e,t){n.default(t).addClass("active"),n.default(t).parents(".nav-treeview").prevAll(".nav-link").addClass("active")}))},t._fixHeight=function(e){if(void 0===e&&(e=!1),n.default("body").hasClass(je)){var t=n.default(window).height(),a=n.default(pe).outerHeight();n.default(ye+", "+Ce+", "+ge).height(t-a),n.default(he).height(t)}else{var i=parseFloat(n.default(he).css("height")),o=n.default(pe).outerHeight();1==e?setTimeout((function(){n.default(ye+", "+Ce).height(i-o)}),50):n.default(ge).height(i-o)}},e._jQueryInterface=function(t){if(n.default(ue).length>0){var a=n.default(this).data(de);a||(a=n.default(this).data());var i=n.default.extend({},ke,"object"==typeof t?t:a);localStorage.setItem("AdminLTE:IFrame:Options",JSON.stringify(i));var o=new e(n.default(this),i);n.default(this).data(de,"object"==typeof t?t:a),"string"==typeof t&&/createTab|openTabSidebar|switchTab|removeActiveTab/.test(t)&&o[t]()}else new e(n.default(this),JSON.parse(localStorage.getItem("AdminLTE:IFrame:Options")))._initFrameElement()},e}();n.default(window).on("load",(function(){Qe._jQueryInterface.call(n.default(ue))})),n.default.fn.IFrame=Qe._jQueryInterface,n.default.fn.IFrame.Constructor=Qe,n.default.fn.IFrame.noConflict=function(){return n.default.fn.IFrame=fe,Qe._jQueryInterface};var He="lte.layout",ze=n.default.fn.Layout,Fe=".main-header",Ee=".main-sidebar",Le=".main-sidebar .sidebar",De=".main-footer",Re="sidebar-focused",Ae={scrollbarTheme:"os-theme-light",scrollbarAutoHide:"l",panelAutoHeight:!0,panelAutoHeightMode:"min-height",preloadDuration:200,loginRegisterAutoHeight:!0},Me=function(){function e(e,t){this._config=t,this._element=e}var t=e.prototype;return t.fixLayoutHeight=function(e){void 0===e&&(e=null);var t=n.default("body"),a=0;(t.hasClass("control-sidebar-slide-open")||t.hasClass("control-sidebar-open")||"control_sidebar"===e)&&(a=n.default(".control-sidebar-content").outerHeight());var i={window:n.default(window).height(),header:n.default(Fe).length>0?n.default(Fe).outerHeight():0,footer:n.default(De).length>0?n.default(De).outerHeight():0,sidebar:n.default(Le).length>0?n.default(Le).height():0,controlSidebar:a},o=this._max(i),l=this._config.panelAutoHeight;!0===l&&(l=0);var s=n.default(".content-wrapper");!1!==l&&(o===i.controlSidebar?s.css(this._config.panelAutoHeightMode,o+l):o===i.window?s.css(this._config.panelAutoHeightMode,o+l-i.header-i.footer):s.css(this._config.panelAutoHeightMode,o+l-i.header),this._isFooterFixed()&&s.css(this._config.panelAutoHeightMode,parseFloat(s.css(this._config.panelAutoHeightMode))+i.footer)),t.hasClass("layout-fixed")&&("undefined"!=typeof n.default.fn.overlayScrollbars?n.default(Le).overlayScrollbars({className:this._config.scrollbarTheme,sizeAutoCapable:!0,scrollbars:{autoHide:this._config.scrollbarAutoHide,clickScrolling:!0}}):n.default(Le).css("overflow-y","auto"))},t.fixLoginRegisterHeight=function(){var e=n.default("body"),t=n.default(".login-box, .register-box");if(e.hasClass("iframe-mode"))e.css("height","100%"),n.default(".wrapper").css("height","100%"),n.default("html").css("height","100%");else if(0===t.length)e.css("height","auto"),n.default("html").css("height","auto");else{var a=t.height();e.css(this._config.panelAutoHeightMode)!==a&&e.css(this._config.panelAutoHeightMode,a)}},t._init=function(){var e=this;this.fixLayoutHeight(),!0===this._config.loginRegisterAutoHeight?this.fixLoginRegisterHeight():this._config.loginRegisterAutoHeight===parseInt(this._config.loginRegisterAutoHeight,10)&&setInterval(this.fixLoginRegisterHeight,this._config.loginRegisterAutoHeight),n.default(Le).on("collapsed.lte.treeview expanded.lte.treeview",(function(){e.fixLayoutHeight()})),n.default(Ee).on("mouseenter mouseleave",(function(){n.default("body").hasClass("sidebar-collapse")&&e.fixLayoutHeight()})),n.default('[data-widget="pushmenu"]').on("collapsed.lte.pushmenu shown.lte.pushmenu",(function(){setTimeout((function(){e.fixLayoutHeight()}),300)})),n.default('[data-widget="control-sidebar"]').on("collapsed.lte.controlsidebar",(function(){e.fixLayoutHeight()})).on("expanded.lte.controlsidebar",(function(){e.fixLayoutHeight("control_sidebar")})),n.default(window).resize((function(){e.fixLayoutHeight()})),setTimeout((function(){n.default("body.hold-transition").removeClass("hold-transition")}),50),setTimeout((function(){var e=n.default(".preloader");e&&(e.css("height",0),setTimeout((function(){e.children().hide()}),200))}),this._config.preloadDuration)},t._max=function(e){var t=0;return Object.keys(e).forEach((function(a){e[a]>t&&(t=e[a])})),t},t._isFooterFixed=function(){return"fixed"===n.default(De).css("position")},e._jQueryInterface=function(t){return void 0===t&&(t=""),this.each((function(){var a=n.default(this).data(He),i=n.default.extend({},Ae,n.default(this).data());a||(a=new e(n.default(this),i),n.default(this).data(He,a)),"init"===t||""===t?a._init():"fixLayoutHeight"!==t&&"fixLoginRegisterHeight"!==t||a[t]()}))},e}();n.default(window).on("load",(function(){Me._jQueryInterface.call(n.default("body"))})),n.default(Le+" a").on("focusin",(function(){n.default(Ee).addClass(Re)})).on("focusout",(function(){n.default(Ee).removeClass(Re)})),n.default.fn.Layout=Me._jQueryInterface,n.default.fn.Layout.Constructor=Me,n.default.fn.Layout.noConflict=function(){return n.default.fn.Layout=ze,Me._jQueryInterface};var qe="PushMenu",Oe="lte.pushmenu",Ne="."+Oe,Pe=n.default.fn[qe],Ue='[data-widget="pushmenu"]',Be="body",$e="sidebar-collapse",Je="sidebar-open",We="sidebar-is-opening",Ve="sidebar-closed",Ge={autoCollapseSize:992,enableRemember:!1,noTransitionAfterReload:!0,animationSpeed:300},Ke=function(){function e(e,t){this._element=e,this._options=n.default.extend({},Ge,t),0===n.default("#sidebar-overlay").length&&this._addOverlay(),this._init()}var t=e.prototype;return t.expand=function(){var e=n.default(Be);this._options.autoCollapseSize&&n.default(window).width()<=this._options.autoCollapseSize&&e.addClass(Je),e.addClass(We).removeClass("sidebar-collapse sidebar-closed").delay(50).queue((function(){e.removeClass(We),n.default(this).dequeue()})),this._options.enableRemember&&localStorage.setItem("remember"+Ne,Je),n.default(this._element).trigger(n.default.Event("shown.lte.pushmenu"))},t.collapse=function(){var e=this,t=n.default(Be);this._options.autoCollapseSize&&n.default(window).width()<=this._options.autoCollapseSize&&t.removeClass(Je).addClass(Ve),t.addClass($e),this._options.enableRemember&&localStorage.setItem("remember"+Ne,$e),n.default(this._element).trigger(n.default.Event("collapsed.lte.pushmenu")),setTimeout((function(){n.default(e._element).trigger(n.default.Event("collapsed-done.lte.pushmenu"))}),this._options.animationSpeed)},t.toggle=function(){n.default(Be).hasClass($e)?this.expand():this.collapse()},t.autoCollapse=function(e){if(void 0===e&&(e=!1),this._options.autoCollapseSize){var t=n.default(Be);n.default(window).width()<=this._options.autoCollapseSize?t.hasClass(Je)||this.collapse():!0===e&&(t.hasClass(Je)?t.removeClass(Je):t.hasClass(Ve)&&this.expand())}},t.remember=function(){if(this._options.enableRemember){var e=n.default("body");localStorage.getItem("remember"+Ne)===$e?this._options.noTransitionAfterReload?e.addClass("hold-transition").addClass($e).delay(50).queue((function(){n.default(this).removeClass("hold-transition"),n.default(this).dequeue()})):e.addClass($e):this._options.noTransitionAfterReload?e.addClass("hold-transition").removeClass($e).delay(50).queue((function(){n.default(this).removeClass("hold-transition"),n.default(this).dequeue()})):e.removeClass($e)}},t._init=function(){var e=this;this.remember(),this.autoCollapse(),n.default(window).resize((function(){e.autoCollapse(!0)}))},t._addOverlay=function(){var e=this,t=n.default("<div />",{id:"sidebar-overlay"});t.on("click",(function(){e.collapse()})),n.default(".wrapper").append(t)},e._jQueryInterface=function(t){return this.each((function(){var a=n.default(this).data(Oe),i=n.default.extend({},Ge,n.default(this).data());a||(a=new e(this,i),n.default(this).data(Oe,a)),"string"==typeof t&&/collapse|expand|toggle/.test(t)&&a[t]()}))},e}();n.default(document).on("click",Ue,(function(e){e.preventDefault();var t=e.currentTarget;"pushmenu"!==n.default(t).data("widget")&&(t=n.default(t).closest(Ue)),Ke._jQueryInterface.call(n.default(t),"toggle")})),n.default(window).on("load",(function(){Ke._jQueryInterface.call(n.default(Ue))})),n.default.fn[qe]=Ke._jQueryInterface,n.default.fn[qe].Constructor=Ke,n.default.fn[qe].noConflict=function(){return n.default.fn[qe]=Pe,Ke._jQueryInterface};var Xe="SidebarSearch",Ye="lte.sidebar-search",Ze=n.default.fn[Xe],et="sidebar-search-open",tt="fa-search",at="fa-times",nt="sidebar-search-results",it="list-group",ot='[data-widget="sidebar-search"]',lt=ot+" .form-control",st=ot+" .btn",rt=st+" i",dt=".sidebar-search-results",ft=".sidebar-search-results .list-group",ut={arrowSign:"->",minLength:3,maxResults:7,highlightName:!0,highlightPath:!1,highlightClass:"text-light",notFoundText:"No element found!"},ct=[],ht=function(){function e(e,t){this.element=e,this.options=n.default.extend({},ut,t),this.items=[]}var a=e.prototype;return a.init=function(){var e=this;0!==n.default(ot).length&&(0===n.default(ot).next(dt).length&&n.default(ot).after(n.default("<div />",{class:nt})),0===n.default(dt).children(".list-group").length&&n.default(dt).append(n.default("<div />",{class:it})),this._addNotFound(),n.default(".main-sidebar .nav-sidebar").children().each((function(t,a){e._parseItem(a)})))},a.search=function(){var e=this,t=n.default(lt).val().toLowerCase();if(t.length<this.options.minLength)return n.default(ft).empty(),this._addNotFound(),void this.close();var a=ct.filter((function(e){return e.name.toLowerCase().includes(t)})),i=n.default(a.slice(0,this.options.maxResults));n.default(ft).empty(),0===i.length?this._addNotFound():i.each((function(t,a){n.default(ft).append(e._renderItem(escape(a.name),encodeURI(a.link),a.path))})),this.open()},a.open=function(){n.default(ot).parent().addClass(et),n.default(rt).removeClass(tt).addClass(at)},a.close=function(){n.default(ot).parent().removeClass(et),n.default(rt).removeClass(at).addClass(tt)},a.toggle=function(){n.default(ot).parent().hasClass(et)?this.close():this.open()},a._parseItem=function(e,t){var a=this;if(void 0===t&&(t=[]),!n.default(e).hasClass("nav-header")){var i={},o=n.default(e).clone().find("> .nav-link"),l=n.default(e).clone().find("> .nav-treeview"),s=o.attr("href"),r=o.find("p").children().remove().end().text();if(i.name=this._trimText(r),i.link=s,i.path=t,0===l.length)ct.push(i);else{var d=i.path.concat([i.name]);l.children().each((function(e,t){a._parseItem(t,d)}))}}},a._trimText=function(e){return t.trim(e.replace(/(\r\n|\n|\r)/gm," "))},a._renderItem=function(e,t,a){var i=this;if(a=a.join(" "+this.options.arrowSign+" "),e=unescape(e),t=decodeURI(t),this.options.highlightName||this.options.highlightPath){var o=n.default(lt).val().toLowerCase(),l=new RegExp(o,"gi");this.options.highlightName&&(e=e.replace(l,(function(e){return'<strong class="'+i.options.highlightClass+'">'+e+"</strong>"}))),this.options.highlightPath&&(a=a.replace(l,(function(e){return'<strong class="'+i.options.highlightClass+'">'+e+"</strong>"})))}var s=n.default("<a/>",{href:decodeURIComponent(t),class:"list-group-item"}),r=n.default("<div/>",{class:"search-title"}).html(e),d=n.default("<div/>",{class:"search-path"}).html(a);return s.append(r).append(d),s},a._addNotFound=function(){n.default(ft).append(this._renderItem(this.options.notFoundText,"#",[]))},e._jQueryInterface=function(t){var a=n.default(this).data(Ye);a||(a=n.default(this).data());var i=n.default.extend({},ut,"object"==typeof t?t:a),o=new e(n.default(this),i);n.default(this).data(Ye,"object"==typeof t?t:a),"string"==typeof t&&/init|toggle|close|open|search/.test(t)?o[t]():o.init()},e}();n.default(document).on("click",st,(function(e){e.preventDefault(),ht._jQueryInterface.call(n.default(ot),"toggle")})),n.default(document).on("keyup",lt,(function(e){return 38==e.keyCode?(e.preventDefault(),void n.default(ft).children().last().focus()):40==e.keyCode?(e.preventDefault(),void n.default(ft).children().first().focus()):void setTimeout((function(){ht._jQueryInterface.call(n.default(ot),"search")}),100)})),n.default(document).on("keydown",ft,(function(e){var t=n.default(":focus");38==e.keyCode&&(e.preventDefault(),t.is(":first-child")?t.siblings().last().focus():t.prev().focus()),40==e.keyCode&&(e.preventDefault(),t.is(":last-child")?t.siblings().first().focus():t.next().focus())})),n.default(window).on("load",(function(){ht._jQueryInterface.call(n.default(ot),"init")})),n.default.fn[Xe]=ht._jQueryInterface,n.default.fn[Xe].Constructor=ht,n.default.fn[Xe].noConflict=function(){return n.default.fn[Xe]=Ze,ht._jQueryInterface};var gt="NavbarSearch",pt="lte.navbar-search",mt=n.default.fn[gt],vt='[data-widget="navbar-search"]',_t=".form-control",bt="navbar-search-open",yt={resetOnClose:!0,target:".navbar-search-block"},Ct=function(){function e(e,t){this._element=e,this._config=n.default.extend({},yt,t)}var t=e.prototype;return t.open=function(){n.default(this._config.target).css("display","flex").hide().fadeIn().addClass(bt),n.default(this._config.target+" "+_t).focus()},t.close=function(){n.default(this._config.target).fadeOut().removeClass(bt),this._config.resetOnClose&&n.default(this._config.target+" "+_t).val("")},t.toggle=function(){n.default(this._config.target).hasClass(bt)?this.close():this.open()},e._jQueryInterface=function(t){return this.each((function(){var a=n.default(this).data(pt),i=n.default.extend({},yt,n.default(this).data());if(a||(a=new e(this,i),n.default(this).data(pt,a)),!/toggle|close|open/.test(t))throw new Error("Undefined method "+t);a[t]()}))},e}();n.default(document).on("click",vt,(function(e){e.preventDefault();var t=n.default(e.currentTarget);"navbar-search"!==t.data("widget")&&(t=t.closest(vt)),Ct._jQueryInterface.call(t,"toggle")})),n.default.fn[gt]=Ct._jQueryInterface,n.default.fn[gt].Constructor=Ct,n.default.fn[gt].noConflict=function(){return n.default.fn[gt]=mt,Ct._jQueryInterface};var wt=n.default.fn.Toasts,xt="topRight",It="topLeft",Tt="bottomRight",St="bottomLeft",jt={position:xt,fixed:!0,autohide:!1,autoremove:!0,delay:1e3,fade:!0,icon:null,image:null,imageAlt:null,imageHeight:"25px",title:null,subtitle:null,close:!0,body:null,class:null},kt=function(){function e(e,t){this._config=t,this._prepareContainer(),n.default("body").trigger(n.default.Event("init.lte.toasts"))}var t=e.prototype;return t.create=function(){var e=n.default('<div class="toast" role="alert" aria-live="assertive" aria-atomic="true"/>');e.data("autohide",this._config.autohide),e.data("animation",this._config.fade),this._config.class&&e.addClass(this._config.class),this._config.delay&&500!=this._config.delay&&e.data("delay",this._config.delay);var t=n.default('<div class="toast-header">');if(null!=this._config.image){var a=n.default("<img />").addClass("rounded mr-2").attr("src",this._config.image).attr("alt",this._config.imageAlt);null!=this._config.imageHeight&&a.height(this._config.imageHeight).width("auto"),t.append(a)}if(null!=this._config.icon&&t.append(n.default("<i />").addClass("mr-2").addClass(this._config.icon)),null!=this._config.title&&t.append(n.default("<strong />").addClass("mr-auto").html(this._config.title)),null!=this._config.subtitle&&t.append(n.default("<small />").html(this._config.subtitle)),1==this._config.close){var i=n.default('<button data-dismiss="toast" />').attr("type","button").addClass("ml-2 mb-1 close").attr("aria-label","Close").append('<span aria-hidden="true">×</span>');null==this._config.title&&i.toggleClass("ml-2 ml-auto"),t.append(i)}e.append(t),null!=this._config.body&&e.append(n.default('<div class="toast-body" />').html(this._config.body)),n.default(this._getContainerId()).prepend(e);var o=n.default("body");o.trigger(n.default.Event("created.lte.toasts")),e.toast("show"),this._config.autoremove&&e.on("hidden.bs.toast",(function(){n.default(this).delay(200).remove(),o.trigger(n.default.Event("removed.lte.toasts"))}))},t._getContainerId=function(){return this._config.position==xt?"#toastsContainerTopRight":this._config.position==It?"#toastsContainerTopLeft":this._config.position==Tt?"#toastsContainerBottomRight":this._config.position==St?"#toastsContainerBottomLeft":void 0},t._prepareContainer=function(){if(0===n.default(this._getContainerId()).length){var e=n.default("<div />").attr("id",this._getContainerId().replace("#",""));this._config.position==xt?e.addClass("toasts-top-right"):this._config.position==It?e.addClass("toasts-top-left"):this._config.position==Tt?e.addClass("toasts-bottom-right"):this._config.position==St&&e.addClass("toasts-bottom-left"),n.default("body").append(e)}this._config.fixed?n.default(this._getContainerId()).addClass("fixed"):n.default(this._getContainerId()).removeClass("fixed")},e._jQueryInterface=function(t,a){return this.each((function(){var i=n.default.extend({},jt,a),o=new e(n.default(this),i);"create"===t&&o[t]()}))},e}();n.default.fn.Toasts=kt._jQueryInterface,n.default.fn.Toasts.Constructor=kt,n.default.fn.Toasts.noConflict=function(){return n.default.fn.Toasts=wt,kt._jQueryInterface};var Qt="TodoList",Ht="lte.todolist",zt=n.default.fn[Qt],Ft="done",Et={onCheck:function(e){return e},onUnCheck:function(e){return e}},Lt=function(){function e(e,t){this._config=t,this._element=e,this._init()}var t=e.prototype;return t.toggle=function(e){e.parents("li").toggleClass(Ft),n.default(e).prop("checked")?this.check(e):this.unCheck(n.default(e))},t.check=function(e){this._config.onCheck.call(e)},t.unCheck=function(e){this._config.onUnCheck.call(e)},t._init=function(){var e=this,t=this._element;t.find("input:checkbox:checked").parents("li").toggleClass(Ft),t.on("change","input:checkbox",(function(t){e.toggle(n.default(t.target))}))},e._jQueryInterface=function(t){return this.each((function(){var a=n.default(this).data(Ht);a||(a=n.default(this).data());var i=n.default.extend({},Et,"object"==typeof t?t:a),o=new e(n.default(this),i);n.default(this).data(Ht,"object"==typeof t?t:a),"init"===t&&o[t]()}))},e}();n.default(window).on("load",(function(){Lt._jQueryInterface.call(n.default('[data-widget="todo-list"]'))})),n.default.fn[Qt]=Lt._jQueryInterface,n.default.fn[Qt].Constructor=Lt,n.default.fn[Qt].noConflict=function(){return n.default.fn[Qt]=zt,Lt._jQueryInterface};var Dt="Treeview",Rt="lte.treeview",At=n.default.fn[Dt],Mt=".nav-item",qt=".nav-treeview",Ot=".menu-open",Nt='[data-widget="treeview"]',Pt="menu-open",Ut="menu-is-opening",Bt={trigger:Nt+" .nav-link",animationSpeed:300,accordion:!0,expandSidebar:!1,sidebarButtonSelector:'[data-widget="pushmenu"]'},$t=function(){function e(e,t){this._config=t,this._element=e}var t=e.prototype;return t.init=function(){n.default(".nav-item.menu-open .nav-treeview.menu-open").css("display","block"),this._setupListeners()},t.expand=function(e,t){var a=this,i=n.default.Event("expanded.lte.treeview");if(this._config.accordion){var o=t.siblings(Ot).first(),l=o.find(qt).first();this.collapse(l,o)}t.addClass(Ut),e.stop().slideDown(this._config.animationSpeed,(function(){t.addClass(Pt),n.default(a._element).trigger(i)})),this._config.expandSidebar&&this._expandSidebar()},t.collapse=function(e,t){var a=this,i=n.default.Event("collapsed.lte.treeview");t.removeClass("menu-is-opening menu-open"),e.stop().slideUp(this._config.animationSpeed,(function(){n.default(a._element).trigger(i),e.find(".menu-open > .nav-treeview").slideUp(),e.find(Ot).removeClass("menu-is-opening menu-open")}))},t.toggle=function(e){var t=n.default(e.currentTarget),a=t.parent(),i=a.find("> .nav-treeview");if(i.is(qt)||(a.is(Mt)||(i=a.parent().find("> .nav-treeview")),i.is(qt))){e.preventDefault();var o=t.parents(Mt).first();o.hasClass(Pt)?this.collapse(n.default(i),o):this.expand(n.default(i),o)}},t._setupListeners=function(){var e=this,t=void 0!==this._element.attr("id")?"#"+this._element.attr("id"):"";n.default(document).on("click",""+t+this._config.trigger,(function(t){e.toggle(t)}))},t._expandSidebar=function(){n.default("body").hasClass("sidebar-collapse")&&n.default(this._config.sidebarButtonSelector).PushMenu("expand")},e._jQueryInterface=function(t){return this.each((function(){var a=n.default(this).data(Rt),i=n.default.extend({},Bt,n.default(this).data());a||(a=new e(n.default(this),i),n.default(this).data(Rt,a)),"init"===t&&a[t]()}))},e}();n.default(window).on("load.lte.treeview",(function(){n.default(Nt).each((function(){$t._jQueryInterface.call(n.default(this),"init")}))})),n.default.fn[Dt]=$t._jQueryInterface,n.default.fn[Dt].Constructor=$t,n.default.fn[Dt].noConflict=function(){return n.default.fn[Dt]=At,$t._jQueryInterface},e.CardRefresh=f,e.CardWidget=I,e.ControlSidebar=M,e.DirectChat=P,e.Dropdown=V,e.ExpandableTable=te,e.Fullscreen=re,e.IFrame=Qe,e.Layout=Me,e.NavbarSearch=Ct,e.PushMenu=Ke,e.SidebarSearch=ht,e.Toasts=kt,e.TodoList=Lt,e.Treeview=$t,Object.defineProperty(e,"__esModule",{value:!0})})); //# sourceMappingURL=adminlte.min.js.mapEvidence todoSolution Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
-
-
Re-examine Cache-control Directives (1)
-
GET https://fair-communications.net/
Alert tags Alert description The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.
Request Request line and header section (478 bytes)
GET https://fair-communications.net/ HTTP/1.1 host: fair-communications.net User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: ja,en-US;q=0.7,en;q=0.3 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Priority: u=1Request body (0 bytes)
Response Status line and header section (1136 bytes)
HTTP/1.1 200 OK Server: nginx Date: Mon, 15 Jul 2024 08:39:19 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding Cache-Control: no-cache, private Set-Cookie: XSRF-TOKEN=eyJpdiI6ImNzaFdKeUNzMEo3eC9Na0xQNFIxenc9PSIsInZhbHVlIjoiTnpPWHFvVkh0Nm1WNkZwMWJjYUtGVWF3SlduL01PTW1IT2lhT1NhL21HWjROSlBjT2c0NWVqbThvYjlYN1VNSW51YmxxcEhlT1JIU0JheTdBMjE0am42Z3dmcnR2UDZqSEpseC91VGtLMlFIVTFlaGE3UHBNK0l2U0ZsKzFPeDkiLCJtYWMiOiJhMWVmMDgxOTcwYTM0NGU0MjJmZjBmYTcwODRjYmQ4YTM1MmViMzc5NzAxNmZlYTAyNThmMTBlYjczZDkzN2JkIiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: fair_communicationsnet_session=eyJpdiI6ImwyUmd5YTRTOVdHdEs4SG9pU1FpR0E9PSIsInZhbHVlIjoiWStTU1ZLcjVYQmxyamdkejlyZ1hoUGREZ2pVaStKT3d2TUpRVmw5WTlGR2FCRmIzbHlTdDRqVlNNWFh4bHE5QS9pSExPZjJ0dXhYdGMrUXNqcE51UzViM2s3YWYzem02SzlUWFltcUFYNnF6bGpHYmdYdm1sbnZMSVhRZjQ0azgiLCJtYWMiOiJjNGU1ZTBjYWRlOWM5ODg2ZmI5MGU4N2EwYzAzMmI0YjNkNTNlYzc5NTlkMTIyZDNlMmRiNmQ3M2IxNzMwNmE0IiwidGFnIjoiIn0%3D; expires=Mon, 15 Jul 2024 10:39:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax content-length: 3560Response body (3560 bytes)
<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- CSRF Token --> <meta name="csrf-token" content="VlHd9bUtvAPptwNCmN4codUqBjpPXLQdpFKhDmVp"> <meta name="description" content="フェア・コミュニケーションズの紹介"> <title>fair-communications.net - top</title> <!-- Fonts --> <link rel="dns-prefetch" href="//fonts.bunny.net"> <link href="https://fonts.bunny.net/css?family=Nunito" rel="stylesheet"> <!-- Scripts --> <link rel="preload" as="style" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="preload" as="style" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/app-CR-d9MPM.css" /><link rel="stylesheet" href="https://fair-communications.net/build/assets/fontawesome-CUt6C77S.css" /> </head> <body> <div id="app"> <nav class="navbar navbar-expand-md sticky-top navbar-light bg-light"> <a class="navbar-brand" href="https://fair-communications.net"> fair-communications.net </a> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarToggler" aria-controls="navbarToggler" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarToggler"> <!-- Left Side Of Navbar --> <ul class="navbar-nav mr-auto"> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link active " href="https://fair-communications.net"> トップ </a> </li> <li class="nav-item ml-3 ml-lg-0"> <a class="nav-link " href="https://fair-communications.net/vulnerability-scan-service"> ウェブサイトの健康診断サービス </a> </li> </ul> <!-- Right Side Of Navbar --> <ul class="navbar-nav ml-auto"> <!-- Authentication Links --> </ul> </div> </nav> <main class=""> <div class="container"> <section class="mt-0 mb-5"> <h1 class="display-4 pb-2">フェア・コミュニケーションズ</h1> </section> <section class="mt-5 mb-5"> <h2 class="display-5 pb-2">ウェブサイトの健康診断サービス</h2> <p> ウェブサイトのセキュリティの向上のために、『ウェブサイトの健康診断サービス』を提供します。 </p> </section> </div> </main> <footer class="app-footer text-center"> <strong> Copyright © 2024 <a href="https://fair-communications.net" class="text-decoration-none">fair-communications.net</a>. </strong> All rights reserved. </footer> </div> <script type="text/javascript" src="https://fair-communications.net/js/jquery.slim.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/bootstrap.bundle.min.js"></script> <script type="text/javascript" src="https://fair-communications.net/js/adminlte.min.js"></script> </body> </html>Parameter cache-controlEvidence no-cache, privateSolution For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".
-
-
-
Appendix
Alert types
This section contains additional information on the types of alerts in the report.
-
Content Security Policy (CSP) Header Not Set
-
Cross-Domain Misconfiguration
Source raised by a passive scanner (Cross-Domain Misconfiguration) CWE ID 264 WASC ID 14 Reference -
Missing Anti-clickjacking Header
Source raised by a passive scanner (Anti-clickjacking Header) CWE ID 1021 WASC ID 15 Reference -
Cookie No HttpOnly Flag
Source raised by a passive scanner (Cookie No HttpOnly Flag) CWE ID 1004 WASC ID 13 Reference -
Cookie Without Secure Flag
Source raised by a passive scanner (Cookie Without Secure Flag) CWE ID 614 WASC ID 13 Reference -
Server Leaks Version Information via "Server" HTTP Response Header Field
Source raised by a passive scanner (HTTP Server Response Header) CWE ID 200 WASC ID 13 Reference -
Strict-Transport-Security Header Not Set
Source raised by a passive scanner (Strict-Transport-Security Header) CWE ID 319 WASC ID 15 Reference -
X-Content-Type-Options Header Missing
Source raised by a passive scanner (X-Content-Type-Options Header Missing) CWE ID 693 WASC ID 15 Reference -
Information Disclosure - Suspicious Comments
Source raised by a passive scanner (Information Disclosure - Suspicious Comments) CWE ID 200 WASC ID 13 -
Re-examine Cache-control Directives
Source raised by a passive scanner (Re-examine Cache-control Directives) CWE ID 525 WASC ID 13 Reference -
Session Management Response Identified
Source raised by a passive scanner (Session Management Response Identified) Reference -
User Agent Fuzzer
Source raised by an active scanner (User Agent Fuzzer) Reference