百度一下，你就知道

HTTPS

DOEL_ANALYSE

www.baidu.com

IP: 103.235.46.102

ASN: AS55967

Een uitgebreid beveiligings- en netwerkanalyserapport voor www.baidu.com. Server: BWS/1.1. Gehost in CN.

Primaire Poort: 443
Scantijd: 9/14/2025, 11:08:15 PM
Deelbare Rapportlink: https://sechttp.com/scan/www.baidu.com

Gedetailleerde Beveiligingsanalyse

Aanvalspad & DDoS-verdedigingsanalyse

Aanvaller

L4-verkeer

L7-verkeer

AS55967 (BWS/1.1 POP)

L4 Verdedigd

L7 Omzeild

L4 Geblokkeerd

L7-verkeer

Uw Server

Verdedigingsoverzicht

Hoewel BWS/1.1 robuuste bescherming biedt tegen Layer 4 (netwerklaag) aanvallen, blijft uw server mogelijk kwetsbaar voor geavanceerde Layer 7 (toepassingslaag) aanvallen die standaard CDN-verdedigingen kunnen omzeilen. Aanvullende WAF-regels en beveiligingsmaatregelen aan de applicatiekant worden aanbevolen.

Laag 4 Verdediging

BWS/1.1 Biedt robuuste bescherming tegen SYN-flood, UDP-versterking en volumetrische aanvallen aan de netwerkrand.

Laag 7 Kwetsbaarheden

Aanvallen op de toepassingslaag die gericht zijn op 3 blootgestelde API-eindpunten vereisen aanvullende WAF-regels en snelheidsbeperking.

Openbaarmaking Serverinformatie

LOW

INFO-001

Beschrijving

De server maakt zijn softwaretype bekend: BWS/1.1. Dit kan aanvallers helpen potentiële kwetsbaarheden te identificeren.

Aanbeveling

Configureer uw webserver om de Server-header te verbergen of aan te passen om openbaarmaking van informatie te voorkomen.

Ontbrekende X-Frame-Options Header

MEDIUM

SEC-002

Beschrijving

De site is niet beschermd tegen clickjacking-aanvallen.

Aanbeveling

Voeg de X-Frame-Options header toe met de waarde 'DENY' of 'SAMEORIGIN' om clickjacking te voorkomen.

Blootstelling Gevoelige Informatie in JavaScript

HIGH

JS-001

Beschrijving

Gevonden 193 mogelijk gevoelige variabelen blootgesteld in client-side JavaScript-code.

Aanbeveling

Controleer en verwijder gevoelige informatie uit client-side code. Gebruik omgevingsvariabelen en server-side verwerking voor gevoelige gegevens.

root@sechttp: /var/log/fuzz

 root@sechttp : ~ $ 
 >  [Code: 200]  
http://opendata.baidu.com/api.php [GEVOELIG LEK]  
 >  [Code: 403]  
http://j.br.baidu.com/v1/t/ui/p/browser/tn/10105001/ch_dl_url  [VERBODEN] 
 >  [Code: 404]  
https://passport.baidu.com/v2/?login&tpl=mn&u=   
 [+] Scan voltooid. Gevonden 1 potentiële lekken. 
root@sechttp:~$

Poortscanresultaten

   Poort Dienst Status Versie 
HTTP  GESLOTEN   -  
HTTPS  OPEN   TLS 1.3  
SSH  GEFILTERD   -  
MySQL  GESLOTEN   -  
  

Poort	Dienst	Status	Versie
80	HTTP	GESLOTEN	-
443	HTTPS	OPEN	TLS 1.3
22	SSH	GEFILTERD	-
3306	MySQL	GESLOTEN	-

HTTP Headers Analyse

p3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM " 
date: Sun, 14 Sep 2025 23:07:59 GMT 
vary: Accept-Encoding 
bdqid: 0xc509d0dd020acb24 
tr_id: super_0xc509d0dd020acb24 
server: BWS/1.1 
traceid: 1757891279256834535414198108947902810916 
bdpagetype: 1 
connection: keep-alive 
set-cookie:BAIDUID=9E8ABA6581E1FA24816F19F062B4AE51:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
BIDUPSID=9E8ABA6581E1FA24816F19F062B4AE51; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
PSTM=1757891279; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
BAIDUID=9E8ABA6581E1FA24F5169361E865D131:FG=1; max-age=31536000; expires=Mon, 14-Sep-26 23:07:59 GMT; domain=.baidu.com; path=/; version=1; comment=bd
BDSVRTM=2; path=/
BD_HOME=1; path=/
content-type: text/html; charset=utf-8 
content-length: 658175 
x-ua-compatible: IE=Edge,chrome=1 
x-xss-protection: 1;mode=block 
strict-transport-security: max-age=172800 

ASN Informatie

ASN: AS55967

IP Adres: 103.235.46.102

Netwerkprefix: 103.235.46.0/24

Organisatie: Baidu

Land:

🇨🇳 CN

Naam: Baidu

Upstream Providers (7)

AS6453

TATA COMMUNICATIONS (AMERICA) INC

🇺🇸 US

upstream

AS3491

CONSOLE-CONNECT-ASN

PCCW Global, Inc.

🇺🇸 US

upstream

AS6939

HURRICANE

Hurricane Electric LLC

🇺🇸 US

upstream

AS2914

NTT-DATA-2914

NTT America, Inc.

🇺🇸 US

upstream

AS6762

SEABONE-NET

TELECOM ITALIA SPARKLE S.p.A.

🇮🇹 IT

upstream

AS6453

TATA COMMUNICATIONS (AMERICA) INC

🇺🇸 US

upstream

AS6939

HURRICANE

Hurricane Electric LLC

🇺🇸 US

upstream

Internet Exchange Punten (11)

🇸🇬

Equinix Singapore

10 Gbps

Bandwidth

🇸🇬

BBIX Singapore

10 Gbps

Bandwidth

🇸🇬

Equinix Singapore

10 Gbps

Bandwidth

🇯🇵

BBIX Tokyo

10 Gbps

Bandwidth

🇯🇵

BBIX Tokyo

10 Gbps

Bandwidth

🇺🇸

Any2East

10 Gbps

Bandwidth

🇩🇪

DE-CIX Frankfurt

10 Gbps

Bandwidth

🇭🇰

HKIX

10 Gbps

Bandwidth

🇭🇰

HKIX

10 Gbps

Bandwidth

🇭🇰

Equinix Hong Kong

100 Gbps

Bandwidth

🇭🇰

Equinix Hong Kong

100 Gbps

Bandwidth

JavaScript Analyse

Security Analysis Alert

Client-side code analysis has identified potential security vulnerabilities and information disclosure risks.

Blootgestelde JavaScript Variabelen

193 Found

Variables exposed in client-side code that may contain sensitive information

# Security Assessment: Variable Exposure Analysis
 
LEAK
 
URL
 _e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
api
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
env
 pc 

Risk: Information disclosure via client-side exposure
 
LEAK
 
key
 destroy 

Risk: Information disclosure via client-side exposure
 
LEAK
 
sid
 s_session 

Risk: Information disclosure via client-side exposure
 
LEAK
 
url
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
URLS
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
code
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
furl
 +encodeURIComponent(p.substring(0,p.length-1))),$.ajax({url: 

Risk: Information disclosure via client-side exposure
 
LEAK
 
isid
 +Rt+ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keys
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
osid
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ssid
 s_session 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urls
 +l.join( 

Risk: Information disclosure via client-side exposure
 
LEAK
 
absId
 absId 

Risk: Information disclosure via client-side exposure
 
LEAK
 
addEV
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
appid
 12133 

Risk: Information disclosure via client-side exposure
 
LEAK
 
aside
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
b.url
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
c_url
 +encodeURIComponent(t),n=new Image,a= 

Risk: Information disclosure via client-side exposure
 
LEAK
 
cburl
 .concat(encodeURIComponent(t), 

Risk: Information disclosure via client-side exposure
 
LEAK
 
codes
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
email
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
furls
 encodeURIComponent 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyOf
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyup
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
posId
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
posid
 +r+ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
resId
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
resid
 n 

Risk: Information disclosure via client-side exposure
 
LEAK
 
toUrl
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
token
 n 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Ah.sid
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Cookie
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
NUMBER
 2 

Risk: Information disclosure via client-side exposure
 
LEAK
 
access
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
apkUrl
 m 

Risk: Information disclosure via client-side exposure
 
LEAK
 
appUrl
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
assign
 ft 

Risk: Information disclosure via client-side exposure
 
LEAK
 
author
 Ronen Ness 

Risk: Information disclosure via client-side exposure
 
LEAK
 
codeAt
 cp 

Risk: Information disclosure via client-side exposure
 
LEAK
 
codecs
 vorbis 

Risk: Information disclosure via client-side exposure
 
LEAK
 
cookie
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
design
 paramtypes 

Risk: Information disclosure via client-side exposure
 
LEAK
 
domain
 +o: 

Risk: Information disclosure via client-side exposure
 
LEAK
 
encode
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
fb_url
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
gitUrl
 https://github.com/RonenNess/ExpiredStorage 

Risk: Information disclosure via client-side exposure
 
LEAK
 
gpsApi
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyFor
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyMap
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
mapapi
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
modEvt
 evt 

Risk: Information disclosure via client-side exposure
 
LEAK
 
newKey
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
number
 u 

Risk: Information disclosure via client-side exposure
 
LEAK
 
qrcode
 2 

Risk: Information disclosure via client-side exposure
 
LEAK
 
sslurl
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
stoken
 o 

Risk: Information disclosure via client-side exposure
 
LEAK
 
tmpurl
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
API_URL
 bds 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ERR_URL
 bds 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_getKey
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
apiType
 100 

Risk: Information disclosure via client-side exposure
 
LEAK
 
baseURL
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
baseUrl
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
bsToken
 +r,type: 

Risk: Information disclosure via client-side exposure
 
LEAK
 
downUrl
 http://j.br.baidu.com/v1/t/ui/p/browser/tn/10105001/ch_dl_url 

Risk: Information disclosure via client-side exposure
 
LEAK
 
fastKey
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
findKey
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
hintUrl
 r 

Risk: Information disclosure via client-side exposure
 
LEAK
 
img_key
 "_WWW_BR_API_"+(new Date).getTime() 

Risk: Information disclosure via client-side exposure
 
LEAK
 
jumpUrl
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyPath
 key 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keydown
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
mapKeys
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ownKeys
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
pageUrl
 location 

Risk: Information disclosure via client-side exposure
 
LEAK
 
rsv_sid
 this 

Risk: Information disclosure via client-side exposure
 
LEAK
 
sendUrl
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
session
 s_session 

Risk: Information disclosure via client-side exposure
 
LEAK
 
signNum
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
t.appid
 12133 

Risk: Information disclosure via client-side exposure
 
LEAK
 
testUrl
 Th 

Risk: Information disclosure via client-side exposure
 
LEAK
 
wxAppid
 wx5f691c1d07b5b392 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ACCESSOR
 4 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_evalUrl
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
addEvent
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
buildURL
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
charCode
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
cityCode
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
citycode
 +cityCode+ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
data.sid
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
flashUrl
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ieLibUrl
 //www.baidu.com/cache/fpid/ielib_1_1.js 

Risk: Information disclosure via client-side exposure
 
LEAK
 
indexSid
 bds 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyValue
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyvalue
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
libjsUrl
 //www.baidu.com/cache/fpid/lib_1_0.js 

Risk: Information disclosure via client-side exposure
 
LEAK
 
password
 Me 

Risk: Information disclosure via client-side exposure
 
LEAK
 
rsv_isid
 +bds.comm.indexSid),e.no_predict&&(s+= 

Risk: Information disclosure via client-side exposure
 
LEAK
 
startAPI
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
tokenize
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
xn.aside
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_iterKeys
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
bindEvent
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
data.osid
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
failedUrl
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getCookie
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
isKeyDown
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
loadEvent
 c 

Risk: Information disclosure via client-side exposure
 
LEAK
 
setCookie
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
staticUrl
 https://pss.bdstatic.com/r/www/cache/static/protocol/https 

Risk: Information disclosure via client-side exposure
 
LEAK
 
testAudio
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
trueResId
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
un.NUMBER
 2 

Risk: Information disclosure via client-side exposure
 
LEAK
 
updateURL
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urlParams
 Lt 

Risk: Information disclosure via client-side exposure
 
LEAK
 
wrapInner
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_bindEvent
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
decodeHTML
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
encodeHTML
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
extend_url
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keywatched
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
native_url
 .concat(encodeURIComponent(e))},appStoreUrl: 

Risk: Information disclosure via client-side exposure
 
LEAK
 
requestUrl
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
statusCode
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
typeNumber
 +e+ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_isValidKey
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
appStoreUrl
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
buildInKeys
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clearCookie
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientWidth
 f 

Risk: Information disclosure via client-side exposure
 
LEAK
 
encodeArray
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
iosStoreUrl
 k 

Risk: Information disclosure via client-side exposure
 
LEAK
 
lastMapItem
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
onurlchange
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
otherLibUrl
 //www.baidu.com/cache/fpid/chromelib_1_1.js 

Risk: Information disclosure via client-side exposure
 
LEAK
 
qrcodehover
 1100000007 

Risk: Information disclosure via client-side exposure
 
LEAK
 
responseURL
 r 

Risk: Information disclosure via client-side exposure
 
LEAK
 
rsv_clk_url
 h 

Risk: Information disclosure via client-side exposure
 
LEAK
 
successCode
 0 

Risk: Information disclosure via client-side exposure
 
LEAK
 
un.ACCESSOR
 4 

Risk: Information disclosure via client-side exposure
 
LEAK
 
writeCookie
 writeCookie 

Risk: Information disclosure via client-side exposure
 
LEAK
 
DOMTokenList
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
advChangeUrl
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientHeight
 m 

Risk: Information disclosure via client-side exposure
 
LEAK
 
cookieSwitch
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
encodeString
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
extChangeUrl
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getCheckCode
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getKeyRecord
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getSearchUrl
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
removeCookie
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
reverseIdKey
 data-reverse-id 

Risk: Information disclosure via client-side exposure
 
LEAK
 
toDateString
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urlArgsIndex
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
SVGNumberList
 0 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_createCookie
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
asideStyleTpl
 this 

Risk: Information disclosure via client-side exposure
 
LEAK
 
baseChangeUrl
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
base_url_path
 http://f3.baidu.com 

Risk: Information disclosure via client-side exposure
 
LEAK
 
centerPageUrl
 r 

Risk: Information disclosure via client-side exposure
 
LEAK
 
dataAndEvents
 deepDataAndEvents 

Risk: Information disclosure via client-side exposure
 
LEAK
 
domainLookupT
 o 

Risk: Information disclosure via client-side exposure
 
LEAK
 
fileChangeUrl
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
langChangeUrl
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
m.MODE_NUMBER
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ClientRectList
 0 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getCacheBySign
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
URLSearchParams
 z 

Risk: Information disclosure via client-side exposure
 
LEAK
 
config.flashUrl
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
newHectorCookie
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
oldHectorCookie
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
qp.DOMTokenList
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
setupTypeNumber
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
checkTokenCopied
 _ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
deleteCacheByEnv
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getBCHTypeNumber
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
qp.SVGNumberList
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
testLocalStorage
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
FAILEDURL_SUCCESS
 10004 

Risk: Information disclosure via client-side exposure
 
LEAK
 
createStandardXHR
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
matcherFromTokens
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
qp.ClientRectList
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
setPositiveNumber
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
boundingClientRect
 s 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Hm.FAILEDURL_SUCCESS
 10004 

Risk: Information disclosure via client-side exposure
 
LEAK
 
exports.DOMTokenList
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
tabTimeClickInBucket
 7000100000 

Risk: Information disclosure via client-side exposure
 
LEAK
 
exports.SVGNumberList
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_expiration_key_prefix
 __expired_storage_ts__ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
exports.ClientRectList
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ERR_ACCESSORS_NOT_SUPPORTED
 getters & setters can not be defined on this javascript engine 

Risk: Information disclosure via client-side exposure
 
Total: 193 exposed variables found

API Domein Analyse

82 Domains

External API domains discovered in client-side code

EXTERNAL_API_DOMAIN

sp1.baidu.com

Reachable

HTTPS Enabled

Security Note: