Scanners
SSL Certificate
SSL Certificate Expired
The SSL/TLS certificate has expired and is no longer trusted by clients. The certificate must be valid and correctly configured to ensure secure communication, protecting data confidentiality and integrity.
Encryption
No Secure SSL Ciphers Supported
The server offers only insecure SSL/TLS ciphers, which an attacker could exploit to compromise data confidentiality and system integrity.
Deprecated cipher used
A deprecated cipher weakens the encryption, leaving data vulnerable to interception or tampering.
Unsafe Headers
Strict-Transport-Security Not Set
Strict-Transport-Security tells browsers to reach the site only over HTTPS, which protects against downgrade attacks and ensures cookies are sent only over encrypted channels.
Content-Security-Policy Not Set
A well-configured Content-Security-Policy reduces the risk of cross-site scripting (XSS) and data injection attacks by restricting content sources.
X-Frame-Options Not Set
Controlling whether the site may be embedded in frames or iframes prevents clickjacking attacks.
X-Content-Type-Options Not Set
This header stops browsers from MIME-sniffing responses, so files are interpreted according to their declared content type.
Referrer-Policy Not Set
Control over what information is shared in the Referer header during navigation is essential for maintaining privacy and security.
Permissions-Policy Not Set
This header defines which browser features and APIs the site may use, improving both security and privacy.
X-XSS-Protection Not Set
This header enables browser-level XSS filtering, which helps mitigate XSS attacks.
Expect-CT Not Set
This header instructs browsers to require that the site's certificate is logged in a Certificate Transparency log, helping prevent misissued certificates from being accepted.
Access-Control-Allow-Origin Not Set
Defines cross-origin resource sharing (CORS) rules, ensuring that only trusted domains can access specific resources.
Strict-Transport-Security Misconfigured
Strict-Transport-Security tells browsers to reach the site only over HTTPS, which protects against downgrade attacks and ensures cookies are sent only over encrypted channels.
Content-Security-Policy Misconfigured (Missing or invalid)
A well-configured Content-Security-Policy reduces the risk of cross-site scripting (XSS) and data injection attacks by restricting content sources.
X-Frame-Options Misconfigured
Controlling whether the site may be embedded in frames or iframes prevents clickjacking attacks.
X-Content-Type-Options Misconfigured
This header stops browsers from MIME-sniffing responses, so files are interpreted according to their declared content type.
Referrer-Policy Misconfigured (Missing or invalid)
Control over what information is shared in the Referer header during navigation is essential for maintaining privacy and security.
Permissions-Policy Misconfigured (Missing or invalid)
This header defines which browser features and APIs the site may use, improving both security and privacy.
X-XSS-Protection Misconfigured
This header enables browser-level XSS filtering, which helps mitigate XSS attacks.
Expect-CT Misconfigured (Missing or invalid)
This header instructs browsers to require that the site's certificate is logged in a Certificate Transparency log, helping prevent misissued certificates from being accepted.
Access-Control-Allow-Origin Misconfigured
Defines cross-origin resource sharing (CORS) rules, ensuring that only trusted domains can access specific resources.
Referrer-Policy Present but not a recommended policy
Control over what information is shared in the Referer header during navigation is essential for maintaining privacy and security.