SSL Report:
www.xsportshelmets.com
(20.10.20.18)
Assessed on: Fri, 22 Aug 2025 00:07:36 UTC
| Clear cache
Summary
0
20
40
60
80
100
Certificate
Protocol Support
Key Exchange
Cipher Strength
Visit our documentation page
for more information, configuration guides, and books. Known issues are documented
here.
This site works only in browsers with SNI support.
This server supports TLS 1.3. MORE INFO »
HTTP Strict Transport Security (HSTS) with long duration deployed on this server.
MORE INFO »
Certificate #1: RSA 2048 bits (SHA256withRSA)
|
Server Key and Certificate #1
|
|
| Subject |
xsportshelmets.com
Fingerprint SHA256: a8fe6edaa3324441b33dc6e449e9a4b1c327d957e71547ec81a01fe5870478bd Pin SHA256: nUvoyIBTsAQae5qh8x4CIPCGWECKiYySeCKs6tbaiRM= |
| Common names | xsportshelmets.com |
| Alternative names | xsportshelmets.com www.xsportshelmets.com |
| Serial Number | 7c701ea83130d377 |
| Valid from | Thu, 31 Jul 2025 15:35:59 UTC |
| Valid until | Sun, 30 Aug 2026 22:28:41 UTC (expires in 1 year) |
| Key | RSA 2048 bits (e 65537) |
| Weak key (Debian) | No |
| Issuer | Go Daddy Secure Certificate Authority - G2
AIA: http://certificates.godaddy.com/repository/gdig2.crt |
| Signature algorithm | SHA256withRSA |
| Extended Validation | No |
| Certificate Transparency | Yes (certificate) |
| OCSP Must Staple | No |
| Revocation information |
CRL, OCSP CRL: http://crl.godaddy.com/gdig2s1-56582.crl OCSP: http://ocsp.godaddy.com/ |
| Revocation status | Good (not revoked) |
| DNS CAA | No (more info) |
| Trusted | Yes
Mozilla Apple Android Java Windows |
Certification Paths |
Certificate #2: RSA 2048 bits (SHA256withRSA)
No SNI
|
Certification Paths |
Configuration
| Protocols | |
| TLS 1.3 | Yes |
| TLS 1.2 | Yes* |
| TLS 1.1 | No |
| TLS 1.0 | No |
| SSL 3 | No |
| SSL 2 | No |
| (*) Experimental: Server negotiated using No-SNI | |
| Cipher Suites | ||
|
# TLS 1.3 (suites in server-preferred order)
|
||
TLS_AES_256_GCM_SHA384 (0x1302)
ECDH x25519 (eq. 3072 bits RSA) FS
|
256 | |
TLS_CHACHA20_POLY1305_SHA256 (0x1303)
ECDH x25519 (eq. 3072 bits RSA) FS
|
256 | |
TLS_AES_128_GCM_SHA256 (0x1301)
ECDH x25519 (eq. 3072 bits RSA) FS
|
128 | |
TLS_AES_128_CCM_SHA256 (0x1304)
ECDH x25519 (eq. 3072 bits RSA) FS
|
128 | |
|
# TLS 1.2 (suites in server-preferred order)
|
||
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
ECDH x25519 (eq. 3072 bits RSA) FS
|
256 | |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
ECDH x25519 (eq. 3072 bits RSA) FS
|
256 | |
| Handshake Simulation | |||
| Android 4.4.2 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Android 5.0.0 |
Server sent fatal alert: handshake_failure |
||
| Android 6.0 |
Server sent fatal alert: handshake_failure |
||
| Android 7.0 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| Android 8.0 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| Android 8.1 | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Android 9.0 | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| BingPreview Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Chrome 49 / XP SP3 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH secp256r1 FS |
| Chrome 69 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| Chrome 70 / Win 10 | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Chrome 80 / Win 10 R | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Firefox 31.3.0 ESR / Win 7 |
Server sent fatal alert: handshake_failure |
||
| Firefox 47 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH secp256r1 FS |
| Firefox 49 / XP SP3 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH secp256r1 FS |
| Firefox 62 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| Firefox 73 / Win 10 R | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Googlebot Feb 2018 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| IE 11 / Win 7 R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win 8.1 R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win Phone 8.1 R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win Phone 8.1 Update R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Edge 15 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS |
| Edge 16 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS |
| Edge 18 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS |
| Edge 13 / Win Phone 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Java 8u161 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Java 11.0.3 | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Java 12.0.1 | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| OpenSSL 1.0.1l R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| OpenSSL 1.0.2s R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| OpenSSL 1.1.0k R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| OpenSSL 1.1.1c R | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Safari 6 / iOS 6.0.1 |
Server sent fatal alert: handshake_failure |
||
| Safari 7 / iOS 7.1 R |
Server sent fatal alert: handshake_failure |
||
| Safari 7 / OS X 10.9 R |
Server sent fatal alert: handshake_failure |
||
| Safari 8 / iOS 8.4 R |
Server sent fatal alert: handshake_failure |
||
| Safari 8 / OS X 10.10 R |
Server sent fatal alert: handshake_failure |
||
| Safari 9 / iOS 9 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 9 / OS X 10.11 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 10 / iOS 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 10 / OS X 10.12 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 12.1.2 / MacOS 10.14.6 Beta R | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Safari 12.1.1 / iOS 12.3.1 R | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Apple ATS 9 / iOS 9 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Yahoo Slurp Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| YandexBot Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
|
# Not simulated clients (Protocol mismatch)
|
|||
| Android 2.3.7 No SNI 2 |
Protocol mismatch (not simulated) |
||
| Android 4.0.4 |
Protocol mismatch (not simulated) |
||
| Android 4.1.1 |
Protocol mismatch (not simulated) |
||
| Android 4.2.2 |
Protocol mismatch (not simulated) |
||
| Android 4.3 |
Protocol mismatch (not simulated) |
||
| Baidu Jan 2015 |
Protocol mismatch (not simulated) |
||
| IE 6 / XP No FS 1 No SNI 2 |
Protocol mismatch (not simulated) |
||
| IE 7 / Vista |
Protocol mismatch (not simulated) |
||
| IE 8 / XP No FS 1 No SNI 2 |
Protocol mismatch (not simulated) |
||
| IE 8-10 / Win 7 R |
Protocol mismatch (not simulated) |
||
| IE 10 / Win Phone 8.0 |
Protocol mismatch (not simulated) |
||
| Java 6u45 No SNI 2 |
Protocol mismatch (not simulated) |
||
| Java 7u25 |
Protocol mismatch (not simulated) |
||
| OpenSSL 0.9.8y |
Protocol mismatch (not simulated) |
||
| Safari 5.1.9 / OS X 10.6.8 |
Protocol mismatch (not simulated) |
||
| Safari 6.0.4 / OS X 10.8.4 R |
Protocol mismatch (not simulated) |
||
| (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. | |||
| (2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. | |||
| (3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version. | |||
| (R) Denotes a reference browser or client, with which we expect better effective security. | |||
| (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). | |||
| (All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake. | |||
| Protocol Details | |
| Secure Renegotiation | Supported |
| Secure Client-Initiated Renegotiation | No |
| Insecure Client-Initiated Renegotiation | No |
| BEAST attack | Mitigated server-side (more info) |
| POODLE (SSLv3) | No, SSL 3 not supported (more info) |
| POODLE (TLS) | No (more info) |
| Zombie POODLE | No (more info) |
| GOLDENDOODLE | No (more info) |
| OpenSSL 0-Length | No (more info) |
| Sleeping POODLE | No (more info) |
| Downgrade attack prevention | Yes, TLS_FALLBACK_SCSV supported (more info) |
| SSL/TLS compression | No |
| RC4 | No |
| Heartbeat (extension) | No |
| Heartbleed (vulnerability) | No (more info) |
| Ticketbleed (vulnerability) | No (more info) |
| OpenSSL CCS vuln. (CVE-2014-0224) | No (more info) |
| OpenSSL Padding Oracle vuln. (CVE-2016-2107) |
No (more info) |
| ROBOT (vulnerability) | No (more info) |
| Forward Secrecy | Yes (with most browsers) ROBUST (more info) |
| ALPN | Yes h2 http/1.1 |
| NPN | No |
| Session resumption (caching) | Yes |
| Session resumption (tickets) | No |
| OCSP stapling | No |
| Strict Transport Security (HSTS) | Yes
max-age=31557600; includeSubDomains; preload |
| HSTS Preloading | Not in: Chrome Edge Firefox IE |
| Public Key Pinning (HPKP) | No (more info) |
| Public Key Pinning Report-Only | No |
| Public Key Pinning (Static) | No (more info) |
| Long handshake intolerance | No |
| TLS extension intolerance | No |
| TLS version intolerance | No |
| Incorrect SNI alerts | No |
| Uses common DH primes | No, DHE suites not supported |
| DH public server param (Ys) reuse | No, DHE suites not supported |
| ECDH public server param reuse | No |
| Supported Named Groups | x25519, secp256r1, x448, secp521r1, secp384r1 (server preferred order) |
| SSL 2 handshake compatibility | No |
| 0-RTT enabled | No |
|
HTTP Requests
|
|
1 https://www.xsportshelmets.com/
(HTTP/1.1 200 OK)
| 1 | |
| Server | nginx | |
| Content-Type | text/html; charset=UTF-8 | |
| Content-Length | 26995 | |
| Connection | close | |
| Vary | Accept-Encoding | |
| Cache-Control | max-age=1800, public | |
| Date | Wed, 23 Jul 2025 15:37:22 GMT | |
| X-Drupal-Dynamic-Cache | HIT | |
| Content-language | es | |
| X-Content-Type-Options | nosniff | |
| X-Frame-Options | SAMEORIGIN | |
| X-Drupal-Cache-Tags | CACHE_MISS_IF_UNCACHEABLE_HTTP_METHOD:form block_content:4 block_content_view block_view block_visibility_group:home block_visibility_group:page_news block_visibility_group:title_in_main config:block.block.bannerhome config:block.block.puntosdeventamarvel config:block.block.videomarvel config:block.block.views_block__footer_vistas_block_1 config:block.block.views_block__paises_block_1 config:block.block.views_block__products_product_highlight_2 config:block.block.x_sports_atencionalcliente config:block.block.x_sports_atencionalcliente_2 config:block.block.x_sports_companyinformation config:block.block.x_sports_contenidoprincipaldelapagina config:block.block.x_sports_cookiespolicy config:block.block.x_sports_formulariodebusqueda config:block.block.x_sports_help config:block.block.x_sports_local_actions config:block.block.x_sports_local_tasks config:block.block.x_sports_menublog config:block.block.x_sports_menuheader_2 config:block.block.x_sports_messages config:block.block.x_sports_nuestrafilosofia config:block.block.x_sports_nuestrosvalores config:block.block.x_sports_productosrelacionados config:block.block.x_sports_titulodelapagina config:block.block.x_sports_titulodelapagina_2 config:block.block.x_sports_views_block__carousel_block_1 config:block.block.x_sports_views_block__configuration_bike_logo config:block.block.x_sports_views_block__configuration_block_social_networks config:block.block.x_sports_views_block__configuration_block_social_networks_2 config:block.block.x_sports_views_block__products_block_product_category config:block.block.x_sports_views_block__products_product_highlight config:block.block.x_sports_views_block__slide_block_2 config:block.block.x_sports_webform config:block_list config:block_visibility_groups.block_visibility_group.home config:block_visibility_groups.block_visibility_group.page_news config:block_visibility_groups.block_visibility_group.title_in_main config:field.storage.node.field_boton_video config:field.storage.node.field_imagen_movil config:field.storage.node.field_images config:field.storage.node.field_link config:field.storage.node.field_logo config:field.storage.node.field_social_networks config:field.storage.node.field_video_promocional config:field.storage.taxonomy_term.field_bandera_pais config:field.storage.taxonomy_term.field_url_pais config:filter.format.full_html config:google_tag.container.general config:google_tag_container_list config:honeypot.settings config:image.style.large config:image.style.thumbnail config:image.style.webp config:search.settings config:system.menu.company-information config:system.menu.customer-service config:system.menu.menu-header config:system.site config:user.role.anonymous config:views.view.carousel config:views.view.configuration config:views.view.paises config:views.view.slide config:webform.settings config:webform.webform.contactanos config:webform.webform.find_a_dealer file:3107 file:3926 file:4320 file:4321 file:4500 file:4503 file:4979 file:4980 file:4981 file:4982 file:4983 file:4984 file:4985 file:4986 http_response local_task node:1 node:1482 node:1488 node:1489 node:1490 node:2929 node:2930 node:2931 node:2937 node:3358 node_list node_view page_manager_route_name:entity.node.canonical rendered taxonomy_term:1190 taxonomy_term:1191 taxonomy_term:1193 taxonomy_term:1194 taxonomy_term_list user:1 webform:contactanos webform:find_a_dealer | |
| X-Drupal-Cache-Contexts | cookies:big_pipe_nojs languages:language_content languages:language_interface route session.exists theme timezone url.path url.query_args:_wrapper_format url.site user.node_grants:view user.permissions user.roles:authenticated | |
| X-Drupal-Cache-Max-Age | 0 (Uncacheable) | |
| Expires | Sun, 19 Nov 1978 05:00:00 GMT | |
| Last-Modified | Wed, 23 Jul 2025 15:37:52 GMT | |
| ETag | "1753285072" | |
| Vary | Cookie, Origin | |
| Content-Security-Policy | default-src 'self'; script-src 'self' *.xsportscol.lndo.site *.google-analytics.com *.google.com *.xsportshelmets.com *.youtube.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.jsdelivr.net *.tiktok.com *.google.com.co *.cloudflare.com *.googleapis.com *.googleadservices.com *.doubleclick.net; script-src-attr 'self' 'unsafe-inline' *.niucolombia.lndo.site *.google-analytics.com *.google.com *.niucolombia.com *.youtube.com *.gstatic.com *.googleadservices.com *.facebook.com *.facebook.net *.googletagmanager.com *.google.com.co *.googleapis.com *.doubleclick.net *.cloudflare.com; ; style-src 'self' 'unsafe-inline' *.xsportscol.lndo.site *.google-analytics.com *.xsportshelmets.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.googleapis.com *.jsdelivr.net *.tiktok.com *.googleapis.com *.doubleclick.net *.google.com.co; img-src 'self' data: *.xsportscol.lndo.site *.google-analytics.com *.google.com *.google.com.co *.xsportshelmets.com *.youtube.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.tiktok.com *.googleapis.com *.google.com.co; frame-src *.xsportscol.lndo.site *.xsportshelmets.com *.google-analytics.com *.google.com *.youtube.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.tiktok.com *.googleapis.com *.doubleclick.net; font-src 'self' *.xsportscol.lndo.site *.google-analytics.com *.gstatic.com *.googleapis.com *.tiktok.com *.xsportshelmets.com *.google.com *.google.com.co *.googleapis.com *.doubleclick.net data:; connect-src 'self' *.xsportscol.lndo.site *.google-analytics.com *.google.com *.xsportshelmets.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.tiktok.com *.googleapis.com *.doubleclick.net *.google.com.co; report-uri /report-csp-violation | |
| X-Content-Security-Policy | default-src 'self'; script-src 'self' *.xsportscol.lndo.site *.google-analytics.com *.google.com *.xsportshelmets.com *.youtube.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.jsdelivr.net *.tiktok.com *.google.com.co *.cloudflare.com *.googleapis.com *.googleadservices.com *.doubleclick.net; script-src-attr 'self' 'unsafe-inline' *.niucolombia.lndo.site *.google-analytics.com *.google.com *.niucolombia.com *.youtube.com *.gstatic.com *.googleadservices.com *.facebook.com *.facebook.net *.googletagmanager.com *.google.com.co *.googleapis.com *.doubleclick.net *.cloudflare.com; ; style-src 'self' 'unsafe-inline' *.xsportscol.lndo.site *.google-analytics.com *.xsportshelmets.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.googleapis.com *.jsdelivr.net *.tiktok.com *.googleapis.com *.doubleclick.net *.google.com.co; img-src 'self' data: *.xsportscol.lndo.site *.google-analytics.com *.google.com *.google.com.co *.xsportshelmets.com *.youtube.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.tiktok.com *.googleapis.com *.google.com.co; frame-src *.xsportscol.lndo.site *.xsportshelmets.com *.google-analytics.com *.google.com *.youtube.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.tiktok.com *.googleapis.com *.doubleclick.net; font-src 'self' *.xsportscol.lndo.site *.google-analytics.com *.gstatic.com *.googleapis.com *.tiktok.com *.xsportshelmets.com *.google.com *.google.com.co *.googleapis.com *.doubleclick.net data:; connect-src 'self' *.xsportscol.lndo.site *.google-analytics.com *.google.com *.xsportshelmets.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.tiktok.com *.googleapis.com *.doubleclick.net *.google.com.co; report-uri /report-csp-violation | |
| X-WebKit-CSP | default-src 'self'; script-src 'self' *.xsportscol.lndo.site *.google-analytics.com *.google.com *.xsportshelmets.com *.youtube.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.jsdelivr.net *.tiktok.com *.google.com.co *.cloudflare.com *.googleapis.com *.googleadservices.com *.doubleclick.net; script-src-attr 'self' 'unsafe-inline' *.niucolombia.lndo.site *.google-analytics.com *.google.com *.niucolombia.com *.youtube.com *.gstatic.com *.googleadservices.com *.facebook.com *.facebook.net *.googletagmanager.com *.google.com.co *.googleapis.com *.doubleclick.net *.cloudflare.com; ; style-src 'self' 'unsafe-inline' *.xsportscol.lndo.site *.google-analytics.com *.xsportshelmets.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.googleapis.com *.jsdelivr.net *.tiktok.com *.googleapis.com *.doubleclick.net *.google.com.co; img-src 'self' data: *.xsportscol.lndo.site *.google-analytics.com *.google.com *.google.com.co *.xsportshelmets.com *.youtube.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.tiktok.com *.googleapis.com *.google.com.co; frame-src *.xsportscol.lndo.site *.xsportshelmets.com *.google-analytics.com *.google.com *.youtube.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.tiktok.com *.googleapis.com *.doubleclick.net; font-src 'self' *.xsportscol.lndo.site *.google-analytics.com *.gstatic.com *.googleapis.com *.tiktok.com *.xsportshelmets.com *.google.com *.google.com.co *.googleapis.com *.doubleclick.net data:; connect-src 'self' *.xsportscol.lndo.site *.google-analytics.com *.google.com *.xsportshelmets.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.tiktok.com *.googleapis.com *.doubleclick.net *.google.com.co; report-uri /report-csp-violation | |
| X-XSS-Protection | 1; mode=block | |
| Strict-Transport-Security | max-age=31557600; includeSubDomains; preload | |
| From-Origin | same | |
| Referrer-Policy | same-origin | |
| Expect-CT | max-age=86400 | |
| X-Drupal-Cache | HIT | |
| Set-Cookie | Path=/; HttpOnly; SameSite=None; Secure | |
| Miscellaneous | |
| Test date | Fri, 22 Aug 2025 00:06:39 UTC |
| Test duration | 57.206 seconds |
| HTTP status code | 200 |
| HTTP server signature | nginx |
| Server hostname | - |
SSL Report v2.4.1