Professional Documents
Culture Documents
Results For Destaco - Com - 16 - 02 - 2023
Results For Destaco - Com - 16 - 02 - 2023
🔄 Check again
Results for www.destaco.com 🕓 2023-02-16 13:40:55 Etc/UTC
IP address: 151.101.247.10Look up ↗
✅ HTTPS by default
www.destaco.com uses HTTPS by default. HTTPS encrypts nearly all information sent between a
client and a web service. Properly configured, it
⬇
⬇ Certificate guarantees three things:
N/A base domain] A domain instructs browsers that it has enabled HSTS by
returning an HTTP header over an HTTPS connection.
Pass Test
⬇
⬇ How to implement
❌ Referrer Policy
Referrer Policy not set. This means that the default value no- When you click on a link, your browser will typically send
referrer-when-downgrade , leaking referrers in many situations, is the HTTP referer [sic] header to the webserver where the
destination webpage is at. The header contains the full
used.
URL of the page you came from. This lets sites see where
traffic comes from. The header is also sent when external
⬇
⬇ How to implement resources (such as images, fonts, JS and CSS) are
loaded.
script https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f
10879b1484195e80d1/AppMeasurement.min.js
script https://assets.adobedtm.com/59b4ab82adc6/42c756d0609d/l
aunch-acc1f54f3a33.min.js
script https://cdn.datatables.net/1.11.4/js/jquery.dataTables.
js
css https://cdn.datatables.net/1.11.4/css/jquery.dataTable
Type URL
s.css
script https://cdn.jsdelivr.net/npm/instantsearch.js@4.10.0
script https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algol
iasearch-lite.umd.js
script https://cdn.jsdelivr.net/algoliasearch/3.32.0/algoliase
archLite.min.js
css https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes
/algolia-min.css
script https://polyfill.io/v3/polyfill.min.js?features=defaul
t%2CArray.prototype.find%2CArray.prototype.inc...
script https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.
1.1/js/all.min.js
css //fonts.googleapis.com/css2?display=swap&family=Lato:wg
ht@400;700
Please instal the webfonts on your own Webservers.
script https://cdn.jsdelivr.net/npm/search-insights@1.6.3
⬇
⬇ How to implement
The Subresource Integrity test is based on the one from the Mozilla HTTP Observatory
scanner/grader project (Mozilla Public License 2.0) by April King, reimplemented by us
for Webbkoll.
HTTP headers
Pass Header Value Result The X-Content-Type-Options response HTTP header
is a marker used by the server to indicate that the MIME
types advertised in the Content-Type headers should
✅ Yes X-Content-Type- nosniff X-Content-Type-Options header not be changed and be followed. This allows to opt-out
Options set to "nosniff" of MIME type sniffing, or, in other words, it is a way to
say that the webmasters knew what they were doing.
⬇
⬇ How to implement Note: The Content-Security-Policy HTTP header
has a frame-ancestors directive which obsoletes this
The header tests are based on the ones from the Mozilla HTTP Observatory header for supporting browsers.
scanner/grader project (Mozilla Public License 2.0) by April King, reimplemented by us — MDN, X-Frame-Options, Mozilla Contributors, CC BY-
for Webbkoll. The explanatory texts are from the Observatory by Mozilla website, CC- SA 2.5
Cookies
First-party cookies (7)
HttpOnly Secure
Domain Name Value Expires on SameSite
HttpOnly means that the cookie can only be read by the server, and not by JavaScript on the client. This
can mitigate XSS (cross-site scripting) attacks.
Secure means that the cookie will only be sent over a secure channel (HTTPS). This can mitigate MITM
(man-in-the-middle) attacks.
SameSite can be used to instruct the browser to only send the cookie when the request is originating from
the same site. This can mitigate CSRF (cross-site request forgery) attacks.
⚖ GDPR: Rec. 60, Rec. 61, Rec. 69, Rec. 70, Rec. 75, Rec. 78, Art. 5.1.a, Art. 5.1.c, Art. 5.1.e, Art. 21, Art. 22, Art. 32.
⬇
⬇ More information
localStorage
localStorage used: Like with cookies, web storage can be used to store data
in a user's browser. Unlike cookies, web storage data is
Key Value not sent with HTTP requests: it can only be directly set
and accessed by the user's browser (through JavaScript).
Compared to cookies, the storage capacity is much
algoliasearch-client-js {} larger.
Third-party requests
46 requests (46 secure, 0 insecure) to 15 unique hosts.
A third-party request is a request to a domain that's not destaco.com or one of its subdomains.
assets.adobedtm.com 2a02:26f0:9500:1297::1e80 ⬇
⬇ Show
(5)
cdn.cookielaw.org 2606:4700::6813:bc61 ⬇
⬇ Show
(7)
cdn.datatables.net 2606:4700:10::ac43:e8b ⬇
⬇ Show
(2)
cdn.jsdelivr.net 2a04:4e42:3a::485 ⬇
⬇ Show
(5)
cdnjs.cloudflare.com 2606:4700::6811:190e ⬇
⬇ Show
(1)
fonts.cdnfonts.com 2606:4700:20::681a:f3e ⬇
⬇ Show
(2)
geolocation.onetrust.com 2606:4700:4400::ac40:9062 ⬇
⬇ Show
(1)
polyfill.io 2a04:4e42:600::282 ⬇
⬇ Show
(2)
s7dp4qp5w8-dsn.algolia.net 74.201.192.133 ⬇
⬇ Show
(4)
ucarecdn.com 2001:2030:22::3e73:fdc1 ⬇
⬇ Show
(1)
We use Mozilla's version of Disconnect's open source list of trackers to classify hosts.
IP address
The server www.destaco.com had the IP address 151.101.247.10 ⚠ Some sites use CDNs – content delivery networks ↗ –
during our test. in which case the server location might vary depending
on the location of the visitor. This tool, Webbkoll, is
You can find information about this IP address using third-party tools currently on a server in Finland.
such as the following: ⚖ Under the GDPR, all EU/EEA countries are considered
equally trustworthy, so there is no particular reason under
!"bgp.he.net the GDPR to consider any EU country more or less reliable
!"KeyCDN or desirable than any other. The importance of the
location of a server comes into play only under GDPR Art.
!"iplocation.io 23, Restrictions, where member states may invoke a
number of reasons, notably national security, that enable
When using tools that do geolocation, please note that the estimated them to void protections for visitors or web service
country can be wrong, especially for websites that use CDNs. providers.
Raw headers
Header Value
accept-ranges bytes
access-control-allow-origin *
age 0
cache-control max-age=300
content-encoding gzip
content-length 29321
Header Value
content-type text/html;charset=utf-8
vary Accept-Encoding
x-cache MISS
x-content-type-options nosniff
x-frame-options SAMEORIGIN
x-served-by cache-hel1410023-HEL
x-timer S1676554841.372018,VS0,VS0,VE594
x-vhost destaco
External files such as images, scripts and CSS are loaded, but the tool performs no interactions with the
page — no links are clicked, no forms are submitted.
Disclaimer: The results presented here might not be 100% correct. Bugs happen. This tool is meant to be
used by site owners as a starting point for improvements, not as a rigorous analysis.
Text about HTTPS partly adapted from the CIO Council's The HTTPS-Only Standard (public domain). See
here for more information.
Test results are stored in memory on our server for 24 hours. We The code is available on Codeberg.
don't show a list of tested URLs. We don't use URLs or test
Feedback? Questions? info@dataskydd.net
results. We don't log IP addresses. We use one essential session
cookie, _webbkoll_key, to prevent CSRF attacks. Fediverse/Mastodon: @dataskyddnet@eupolicy.social