Security Report Summary
C
Site: | https://online.lloydsbank.co.uk/personal/logon/login.jsp |
---|---|
IP Address: | 95.100.70.171 |
Report Time: | 29 Mar 2024 02:04:32 UTC |
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Raw Headers
HTTP/1.1 | 200 OK |
---|---|
X-Powered-By | Servlet/3.0 |
X-OneAgent-JS-Injection | true |
Server-Timing | dtRpid;desc="-1626950514", dtSInfo;desc="0" |
Content-Type | text/html;charset=UTF-8 |
Cache-Control | max-age=0, no-cache, no-store, must-revalidate |
Pragma | no-cache |
Content-Language | en-GB |
Expires | Thu, 01 Dec 1994 16:00:00 GMT |
X-Frame-Options | SAMEORIGIN |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Akamai-Transformed | 9 8755 0 pmb=mTOE,3 |
Content-Encoding | gzip |
Date | Fri, 29 Mar 2024 02:04:32 GMT |
Content-Length | 8339 |
Connection | keep-alive |
Vary | Accept-Encoding |
Set-Cookie | dtCookie=v_4_srv_11_sn_BF6D045978ACB9454D410B4E1F918DB7_perc_100000_ol_0_mul_1_app-3A93ac96e72a46fe83_1; Path=/; Domain=.lloydsbank.co.uk; Secure |
Set-Cookie | IBCOOKIE03=IBCOOKIE03VALUE;HttpOnly; Path=/personal; Domain=.lloydsbank.co.uk; Secure |
Set-Cookie | TLCookie=RANDts5hmZQsd4tiWwX76gHZNzOjbQpOd5aP_1711679072; Path=/; Domain=.lloydsbank.co.uk; Secure |
Set-Cookie | IBCOOKIE08=!b6PAtOGJ0Xb5W8g/NZVGuWp8DXKI9VKUWtmBnSiXo0PxD9HasdSYG7ACgpO+;Path=/;Domain=online.lloydsbank.co.uk;Version=1;Httponly;Secure |
Set-Cookie | IBCOOKIE02=3f08c95b4b21d13322f111ff0d8f6ec1d2894566986968a8de170b292dfacb73650dc866f421075e46c8a4fc01e25717rgryyyjH98VqfMm+qM5avnk+7zr1SRwRHyivY1MqdQDO25ZA9YlfQAxBoCNHq0vCdeNmOah6/7yAIebS52kAD3EzKQzxo64KTAIrBwlLppf+MvFNLv2vBAtno0mSdsWYeNHVJjyBWurDJVROXlP1uR791phSFJbYw5SM3wZvIVM=;Path=/;Domain=.lloydsbank.co.uk;Version=1;Httponly;Secure |
Set-Cookie | IBCOOKIE10=65ab43bd3acf2507ff39ff1554c80539;Path=/;Domain=online.lloydsbank.co.uk;Version=1;Httponly;Secure;Expires=Fri, 29-Mar-2024 03:04:32 GMT |
Set-Cookie | IBUNAUTHSESSION=f5467b7019a738dd1c7216d1d91274f89c067e893d16ffb6213b334596d5cb1c4ab88a9152cbf52a0e62f43d83ca0722+P+IWI1wW82vCwDyGFzZz+97SgCV2lJ87uizJAqAeqGFrGxrrXP2bB/Yy3EAZxgDtCXOP70cC7qemz7Mk2IJ0byWqOa+qcadKw3rZqIUVCOfnXSsyWa4+Sm0cMakEoeWQVd3wruXfvLxF71J2VsyYI9VrTnh3oOP03Zgw8hAfvpOR335Tm4sjAgUQXpoTxJnenk5/sLmI0Sndqfet2XbrxYtiSLAnv+M33W0Dz++Yil1FjxC5baczVFCI1EoLhysMrFnxzq86r/LU22kXmI53PM0qo6oNvc2BYgmC5LtGvYxcF/XRFpqY8Ak9XSGGAyW; Path=/; Domain=online.lloydsbank.co.uk; Version=1; Secure; Httponly |
Set-Cookie | _abck=E71CA5E6FFC8992ADED5DC6E52D11AD6~-1~YAAQoHp7XHteXYeOAQAAaZjzhwtn35VdOBQUDIussoxyYx4Yl5gJO3EKpP8khmGippsWmXsswCPkhbpk/XFjE8LOaqjGmsG1WbI2/HC1PZ1VINwyAkpgtiOMR3qEX2+egXXXQmPfRLC0WnHrUqxAtGqSmilX2m2S3mN/BfVIyRnduDgDPpV+fO2bkNa7meiz5EGf/+UsXNRoXKPpy2vapqqqRfXvMhlBRZqj/RoiAYDBcpVL5EKEsfk+PLnarjmKimCA4z2PdfaISj6+dBkBYrHCKBdd0Tlyt1nFuktgD53xlO2vB3cbWMDXtDyHsnhKC58fbjByJn5sCnrUKb/bRKReOlkWsJ0TdeCPGhcTYgY3Nb9NH/UMd6LTURxm/weiPsc=~-1~-1~-1; Domain=.lloydsbank.co.uk; Path=/; Expires=Sat, 29 Mar 2025 02:04:32 GMT; Max-Age=31536000; Secure |
Set-Cookie | bm_sz=DF7F6A9802857A89343DFCB6CFCA753B~YAAQoHp7XHxeXYeOAQAAaZjzhxdp883h13/ocudwZenvfrqmiWGXReYvbAazvWolIwF4PlsZG7axo5mELbE00r15SEvpz2YNYxTChBRTtafjQg14evIHRIokyibAjf9Ml5uO6eE8qYYBOJximgNU19PVu0X/0UIrRviZdAQbknlB5udHU5qJF6cb2WdBq7BSvwmItFZiKq8dab9esqI6ejfAsw3u+g2SmZnP6xXaQwliW9/ahQqkcdTAL74ZIXXVzhLneQUlQmzk2J19pDOKbHDLlqNG/SYgRIIHSrx2qNDPG67ejPc/7bdTn2qVqcwdHae0KUrRHBtfDQLj2s2CH9OTBb0dOo2GZ2rhlwe7oS4tDxU=~3294005~4408644; Domain=.lloydsbank.co.uk; Path=/; Expires=Fri, 29 Mar 2024 06:04:32 GMT; Max-Age=14400; Secure |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
X-Powered-By | X-Powered-By can usually be seen with values like "PHP/5.5.9-1ubuntu4.5" or "ASP.NET". Trying to minimise the amount of information you give out about your server is a good idea. This header should be removed or the value changed. |
---|---|
X-Frame-Options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
X-XSS-Protection | X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead. |
X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
Strict-Transport-Security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |
Set-Cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |