Web & Email Security Test

← Web Test Home

Test Information

TargetInter--linked.com

Resolved To:http://Inter--linked.com/

IPv4:

Scan ID #:104

Scan Time (UTC):2021-02-21 17:42:59

Response Code (HTTP):200

Response Code (HTTPS):0

Score:0/115

Tests Passed:17/25

Domain Information

Changed:

2021-02-20

Created:

2021-02-20

Expires:

2022-02-20

Related Tests

Score floored at 0. Original score was -9.

Overall Scores

Test	Pass	Score	Max	Min	Reason	Recommended Apache Config	More
HTTPS Availability	❌	-40	0	-40	Site is not available over HTTPS	`—`
SSL and TLS Protocols	➖	0	0	-5	N/A (site not available over HTTPS)	`SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off`	🛈
HSTS (Strict Transport Security)	➖	0	0	-15	N/A (Site is not available over HTTPS)	`Header set Strict-Transport-Security max-age=31536000; includeSubDomains; preload`	🛈
Expect Certificate Transparency	➖	0	0	-5	N/A (Expect-CT header only effective on HTTPS connections)	`—`
HTTP Compression	➖	0	1	0	Exempt (site not available over HTTPS)	`SetEnv no-gzip 1 Header set Cache-Control "max-age=0, private, no-cache, no-store, no-transform, must-revalidate"`	🛈
Cache Control	➖	0	0	-5	Exempt (site not available over HTTPS)	`Header set Cache-Control "no-store, no-cache, must-revalidate"`
Cookies	✅	0	0	-20	N/A (No cookies sent)	`—`
Subresource Integrity	❌	-5	5	-10	Scripts loaded (see subtable for details)		🛈
Content-Security-Policy	❌	-24	0	-24	Content-Security-Policy header not sent	`Header set Content-Security-Policy " default-src 'none';\ base-uri 'none';\ etc. [see CSP table];\ report-to default;\ report-uri https://[your-endpoint].report-uri.com/r/d/csp/enforce;"`	🛈
Feature-Policy	➖	0	5	0	Feature-Policy header not sent	`Header set Feature-Policy "autoplay 'self';"`
Report-To	➖	0	1	0	No Report-To header sent	`Header set Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://[your-endpoint].report-uri.com/a/d/g"}],"include_subdomains":true}`
Network Error Logging	➖	0	1	0	N/A (Requires Report-To header)	`Header set NEL: {"report_to":"default","max_age":31536000,"include_subdomains":true}`
Referrer Policy	➖	0	2	-5	Referrer-Policy header not sent	`Header always set Referrer-Policy "no-referrer-when-downgrade"`
X-Content-Type-Options	❌	-10	0	-10	X-Content-Type-Options header not implemented	`Header set X-Content-Type-Options "nosniff"`
X-XSS-Protection	❌	-10	0	-10	X-XSS-Protection header not implemented	`Header set X-XSS-Protection "1; mode=block"`
X-Frame-Options	❌	-10	0	-10	X-Frame-Options header not implemented	`Header set X-Frame-Options "DENY"`
X-Powered-By	✅	0	0	-3	X-Powered-By header not sent	`Header unset "X-Powered-By"`
X-AspNet-Version	✅	0	0	-1	X-AspNet-Version header not sent	`—`
X-AspNetMvc-Version	✅	0	0	-1	X-AspNetMvc-Version header not sent	`—`
Server Header	✅	0	0	-2	Server header sent, with general, non-specific value `Apache`	`ServerTokens Prod`
Cross-Origin Resource Sharing	✅	0	0	-15	CORS header not implemented	`—`
DNSSEC (DNS Security Extensions)	❌	-5	0	-5	Domain is not signed with a valid signature	`—`
IPv6 Reachability	❌	-5	0	-5	Nameservers available via IPv6, but web server is not	`—`
SPF (Sender Policy Framework)	➖	0	0	-10	No MX records associated with this hostname	`—`
DMARC (Domain-based Message Authentication, Reporting, and Confidence)	➖	0	0	-10	No MX records associated with this hostname	`—`

Subresource Integrity (External JavaScript)

Maximum score for any and all scripts is 5 and minimum score for any and all scripts is -10.

Script	Pass	Score	Reason	HTTPS
https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js	❌	-5	Script is external but does not use SRI	✅
https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js	❌	-5	Script is external but does not use SRI	✅
js/jquery.js	➖	0	Script is relative same-origin but may not necessarily be loaded securely	➖
js/bootstrap.min.js	➖	0	Script is relative same-origin but may not necessarily be loaded securely	➖
https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js	❌	-5	Script is external but does not use SRI	✅

Raw Headers

dateSun, 21 Feb 2021 17:42:58 GMT

serverApache

last-modifiedSun, 21 Feb 2021 16:39:55 GMT

etag"2c810a0-166f-5bbdb55d44f60-gzip"

accept-rangesbytes

varyAccept-Encoding,User-Agent

content-encodinggzip

content-length2196

content-typetext/html

via1.1 voip.phreaknet.org

Test History

Results hidden from public stats are not shown here.

3 years ago

Was this test helpful? Are there things we could improve? If so, please let us know! If you'd like to support it, donations are greatly appreciated.