Scan your site now

Security Report Summary
B
Site:
Scanned Site(s):
1
IP Address:
139.180.191.112
Report Time:
28 Sep 2020 05:38:51 UTC
Checks:
Window Referrer
Window Opener
Comments
Enabled Debugging
Unsafe Functions
Warning:
Please have a look at the security issues / warnings in the report.
Warnings
Comments
Comments should be removed from the public code of a web application, since it can give an aggressor critical insights into the inner structure of the program. By using this information, the attacker could easier understand how the user session is handled by javascript or figure out the pathway data is sent to the server.
  • /*! loadCSS rel=preload polyfill. [c]2017 Filament Group, Inc. MIT License */[https://docungtamlinhviet.com/mam-le-cung-day-thang-cho-be-gai/]
  • /* <![CDATA[ */[https://docungtamlinhviet.com/mam-le-cung-day-thang-cho-be-gai/]
  • /* ]]> */[https://docungtamlinhviet.com/mam-le-cung-day-thang-cho-be-gai/]
  • /* <![CDATA[ */[https://docungtamlinhviet.com/mam-le-cung-day-thang-cho-be-gai/]
  • /* ]]> */[https://docungtamlinhviet.com/mam-le-cung-day-thang-cho-be-gai/]
  • /* <![CDATA[ */[https://docungtamlinhviet.com/mam-le-cung-day-thang-cho-be-gai/]
  • /* ]]> */[https://docungtamlinhviet.com/mam-le-cung-day-thang-cho-be-gai/]
  • /*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license | WordPress 2019-05-16 */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! This file is auto-generated */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! cookie function. get, set, or forget a cookie. [c]2014 @scottjehl, Filament Group, Inc. Licensed MIT */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! * Flickity PACKAGED v2.1.2 * Touch, responsive, flickable carousels * * Licensed GPLv3 for open source use * or Flickity Commercial License for commercial use * * https://flickity.metafizzy.co * Copyright 2015-2018 Metafizzy */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! * getSize v2.0.3 * measure size of elements * MIT license */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! * Unipointer v2.3.0 * base class for doing one thing with pointer event * MIT license */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! * Unidragger v2.3.0 * Draggable base class * MIT license */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! * Tap listener v2.0.0 * listens to taps * MIT license */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! * Flickity v2.1.2 * Touch, responsive, flickable carousels * * Licensed GPLv3 for open source use * or Flickity Commercial License for commercial use * * https://flickity.metafizzy.co * Copyright 2015-2018 Metafizzy */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! * Flickity asNavFor v2.0.1 * enable asNavFor for Flickity */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! * imagesLoaded v4.1.4 * JavaScript is all like "You images are done yet or what?" * MIT License */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! * Flickity imagesLoaded v2.0.0 * enables imagesLoaded option for Flickity */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /** * sticky-sidebar - A JavaScript plugin for making smart and high performance. * @version v3.3.1 * @link https://github.com/abouolia/sticky-sidebar * @author Ahmed Bouhuolia * @license The MIT License (MIT) **/[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! Waypoints - 4.0.1 Copyright © 2011-2016 Caleb Troughton Licensed under the MIT license. https://github.com/imakewebthings/waypoints/blob/master/licenses.txt */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! npm.im/object-fit-images 3.2.4 */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /** * Object Fit Videos * Polyfill for object-fit and object-position CSS properties on video elements * Covers IE9, IE10, IE11, Edge, Safari <10 * * Usage * In your CSS, add a special font-family tag for IE/Edge * video { * object-fit: cover; * font-family: 'object-fit: cover;'; * } * * Before the closing body tag, or whenever the DOM is ready, * make the JavaScript call * objectFitVideos(); * * All video elements with the special CSS property will be targeted * * @license MIT (https://opensource.org/licenses/MIT) * @author Todd Miller <todd.miller@tricomb2b.com> * @version 1.0.2 * @changelog * 2016-08-19 - Adds object-position support. * 2016-08-19 - Add throttle function for more performant resize events * 2016-08-19 - Initial release with object-fit support, and * object-position default 'center' * 2016-10-14 - No longer relies on window load event, instead requires a specific * function call to initialize the videos for object fit and position. * 2016-11-28 - Support CommonJS environment, courtesy of @msorensson * 2016-12-05 - Refactors the throttling function to support IE * 2017-09-26 - Fix an issue with autplay not working on polyfilled videos * - Adds the capability to specify elements to polyfill, * instead of just checking every video element for the * CSS property. Slight performance gain in most usecases, * and a bigger gain in a few usecases. * 2017-10-24 - Add user agent check to enable polyfill for all Edge browsers. * object-fit is supported on Edge >= 16, but currently just for images. */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • /*! This file is auto-generated */[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
Enabled Debugging
The JavaScript debugging functions should always removed after development stage, because they could expose informations on the inner workings of the code. In production, it is a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
  • console.log('Tooltipster: one or more tooltips are already attached to this element: ignoring. Use the "multiple" option to attach more tooltips.'):i=!0,i&&(s=new n(this,e[0]),o||(o=[]),o.push(s.namespace),t(this).data("tooltipster-ns",o),t(this).data(s.namespace,s)),r.push(s)}),a?r:this};var c=!!("ontouchstart"in e),u=!1;t("body").one("mousemove",function(){u=!0})}(jQuery,window,document)},function(t,e,i){(function(t){"use strict";function e(t){return t&&t.__esModule?t:{default:t}}var n=i(25),o=e(n);[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • console.log(t)}var r,s=function(){var t=function(t,e,i){fixedtocOption[t]="int"==i?n(e):"float"==i?function(t){return parseFloat(t)||0}(e):e},e=function(t){switch(t){case"thin":return 1;case"medium":return 2;case"bold":return 5;default:return 0}};return{init:function(){fixedtocOption.scrollDuration=500,fixedtocOption.fadeTriggerDuration=5e3,fixedtocOption.scrollOffset=n(fixedtocOption.scrollOffset),fixedtocOption.fixedOffsetX=n(fixedtocOption.fixedOffsetX),fixedtocOption.fixedOffsetY=n(fixedtocOption.fixedOffsetY),fixedtocOption.contentsFixedHeight=n(fixedtocOption.contentsFixedHeight),fixedtocOption.contentsWidthInPost=n(fixedtocOption.contentsWidthInPost),fixedtocOption.contentsHeightInPost=n(fixedtocOption.contentsHeightInPost),fixedtocOption.triggerBorderWidth=e(fixedtocOption.triggerBorder),fixedtocOption.contentsBorderWidth=e(fixedtocOption.contentsBorder),fixedtocOption.triggerSize=n(fixedtocOption.triggerSize)},set:t,update:function(n,e,i){t(n,e,i)},remove:function(t){void 0!==fixedtocOption[t]&&delete fixedtocOption[t]}}}(),f={inWidgetProp:void 0,showAdminbar:function(){return fixedtocOption.showAdminbar},isQuickMin:function(){return fixedtocOption.isQuickMin},isEscMin:function(){return fixedtocOption.isEscMin},isEnterMax:function(){return fixedtocOption.isEnterMax},isNestedList:function(){return fixedtocOption.isNestedList},isColExpList:function(){return fixedtocOption.isColExpList},showColExpIcon:function(){return fixedtocOption.showColExpIcon},isAccordionList:function(){return fixedtocOption.isAccordionList},showTargetHint:function(){return!0},supportInPost:function(){return fixedtocOption.inPost},inWidget:function(){return!!fixedtocOption.inWidget&&(void 0===this.inWidgetProp&&(this.inWidgetProp=!!t("#ftwp-widget-container").length),this.inWidgetProp)},fixedWidget:function(){return!!this.inWidget()&&fixedtocOption.fixedWidget},isAutoHeightFixedToPost:function(){return 0==fixedtocOption.contentsFixedHeight},isFloat:function(){return"none"!=fixedtocOption.contentsFloatInPost},isAutoHeightInPost:function(){return 0==fixedtocOption.contentsHeightInPost},isPositionAtFixed:function(t){return-1!=fixedtocOption.fixedPosition.indexOf(t)},isDebug:function(){return 1==fixedtocOption.debug},isNotBlur:function(){var t=navigator.userAgent.toLowerCase();[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
  • console.log("OneSignal: Using fallback ES5 Stub for backwards compatibility.");[https://q8d6w6q8.rocketcdn.me/wp-content/cache/min/1/d0e2b494bfb05b2c00facf95043a4a0b.js]
Additional Information
Link Opener
The window.open("https://example.com/", "_blanc", "noopener"); attribute should always be added to the window.open() function, which open a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise javascript on the new page has full control over the previous visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The window.open("https://example.com/", "_blanc", "referrer"); attribute should always be added to the window.open() function to prevent reverse tabnabbing for older browser, which do not support the noopener attribute and to prevent phishing attacks.
Comments
Comments should be removed from the public code of a web application, since it can give an aggressor critical insights into the inner structure of the program. By using this information, the attacker could easier understand how the user session is handled by javascript or figure out the pathway data is sent to the server.
Enabled Debugging
The JavaScript debugging functions should always removed after development stage, because they could expose informations on the inner workings of the code. In production, it is a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
Unsafe Functions
eval() is eval! This functions and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in production stage of a website, because the parsing of the executable string is often not secure and result therefore often in a cross-site scripting vulnerability. Instead of these functions create html elements by script and add it to the DOM object.
Scanned URL(s)
Mâm lễ cúng đầy tháng cho bé GÁI, bé TRAI trọn gói - Tâm Linh Việt