ZAP Scanning Report

The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache

HTTP/1.1 200 OK
Date: Fri, 24 May 2024 16:52:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 470
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">

<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel=icon href="https://icoholder.com/files/img/f0794c16c06c9e501fd236e1765a430f.jpeg" type="image/x-icon" />
<link rel="stylesheet" href="../static/css/index.css">
<title>BingX</title>
<style>
</style>
</head>
<body>

</body>
</html>

GET http://wade0125studio.ddns.net/robots.txt HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache

HTTP/1.1 200 OK
Date: Fri, 24 May 2024 16:52:53 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 20
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

This is a robots.txt

GET http://wade0125studio.ddns.net/sitemap.xml HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache

HTTP/1.1 200 OK
Date: Fri, 24 May 2024 16:52:53 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 21
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

This is a sitemap.xml

GET http://wade0125studio.ddns.net/static/css/index.css HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://wade0125studio.ddns.net

HTTP/1.1 200 OK
Date: Fri, 24 May 2024 16:52:53 GMT
Content-Disposition: inline; filename=index.css
Content-Type: text/css; charset=utf-8
Content-Length: 249
Last-Modified: Fri, 24 May 2024 11:30:16 GMT
Cache-Control: no-cache, no-store, must-revalidate
ETag: "1716550216.120982-249-968429405"
Date: Fri, 24 May 2024 16:52:53 GMT
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

body {
margin: 0;
padding: 0;
font-family: Arial, sans-serif;
background-image: url("../static/imgs/e301c4f8-0158-4511-8cb8-036bc0cc6f14.jpg");
background-size: cover;
background-position: center;
height: 100vh;
}

Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
pragma: no-cache
cache-control: no-cache

HTTP/1.1 429 TOO MANY REQUESTS
Date: Fri, 24 May 2024 16:53:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 117
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!doctype html>
<html lang=en>
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>5 per 1 minute</p>

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
pragma: no-cache
cache-control: no-cache

HTTP/1.1 429 TOO MANY REQUESTS
Date: Fri, 24 May 2024 16:53:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 117
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!doctype html>
<html lang=en>
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>5 per 1 minute</p>

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
pragma: no-cache
cache-control: no-cache

HTTP/1.1 429 TOO MANY REQUESTS
Date: Fri, 24 May 2024 16:53:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 117
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!doctype html>
<html lang=en>
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>5 per 1 minute</p>

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
pragma: no-cache
cache-control: no-cache

HTTP/1.1 429 TOO MANY REQUESTS
Date: Fri, 24 May 2024 16:53:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 117
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!doctype html>
<html lang=en>
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>5 per 1 minute</p>

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
pragma: no-cache
cache-control: no-cache

HTTP/1.1 429 TOO MANY REQUESTS
Date: Fri, 24 May 2024 16:53:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 117
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!doctype html>
<html lang=en>
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>5 per 1 minute</p>

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
pragma: no-cache
cache-control: no-cache

HTTP/1.1 429 TOO MANY REQUESTS
Date: Fri, 24 May 2024 16:53:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 117
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!doctype html>
<html lang=en>
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>5 per 1 minute</p>

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
pragma: no-cache
cache-control: no-cache

HTTP/1.1 429 TOO MANY REQUESTS
Date: Fri, 24 May 2024 16:53:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 117
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!doctype html>
<html lang=en>
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>5 per 1 minute</p>

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
pragma: no-cache
cache-control: no-cache

HTTP/1.1 429 TOO MANY REQUESTS
Date: Fri, 24 May 2024 16:53:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 117
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!doctype html>
<html lang=en>
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>5 per 1 minute</p>

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
pragma: no-cache
cache-control: no-cache

HTTP/1.1 429 TOO MANY REQUESTS
Date: Fri, 24 May 2024 16:53:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 117
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!doctype html>
<html lang=en>
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>5 per 1 minute</p>

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
pragma: no-cache
cache-control: no-cache

HTTP/1.1 429 TOO MANY REQUESTS
Date: Fri, 24 May 2024 16:53:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 117
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!doctype html>
<html lang=en>
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>5 per 1 minute</p>

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
pragma: no-cache
cache-control: no-cache

HTTP/1.1 429 TOO MANY REQUESTS
Date: Fri, 24 May 2024 16:53:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 117
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!doctype html>
<html lang=en>
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>5 per 1 minute</p>

GET http://wade0125studio.ddns.net HTTP/1.1
host: wade0125studio.ddns.net
user-agent: msnbot/1.1 (+http://search.msn.com/msnbot.htm)
pragma: no-cache
cache-control: no-cache

HTTP/1.1 429 TOO MANY REQUESTS
Date: Fri, 24 May 2024 16:53:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 117
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Powered-By:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: none
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Robots-Tag: none
X-DNS-Prefetch-Control: off
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self'; manifest-src 'self'; frame-src 'self';
Connection: close

<!doctype html>
<html lang=en>
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>5 per 1 minute</p>