Web & Email Security Test

← Web Test Home

Test Information

Targetgekk.info

Resolved To:https://gekk.info/

IPv4:173.236.252.210

Scan ID #:393

Scan Time (UTC):2026-02-20 00:55:13

Response Code (HTTP):200

Response Code (HTTPS):200

Score:6/120

Tests Passed:16/25

Related Tests

Overall Scores

Test	Pass	Score	Max	Min	Reason	Recommended Apache Config	More
HTTPS Availability	➖	-10	0	-40	Site is available over HTTPS but HTTP does not redirect to HTTPS with same hostname	`—`
SSL and TLS Protocols	✅	+5	5	-20	TLS v1.2 and TLS v1.3 are supported	`SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off`	🛈
HSTS (Strict Transport Security)	❌	-15	0	-15	HTTP must redirect to HTTPS on same domain to implement HSTS	`Header set Strict-Transport-Security max-age=31536000; includeSubDomains; preload`	🛈
Expect Certificate Transparency	❌	-5	0	-5	Site available over HTTPS but no certificate transparency directives	`—`
HTTP Compression	➖	0	1	0	HTTP compression is supported	`SetEnv no-gzip 1 Header set Cache-Control "max-age=0, private, no-cache, no-store, no-transform, must-revalidate"`	🛈
Cache Control	❌	-5	0	-5	Cache-Control directives are not adequate for sensitive data	`Header set Cache-Control "no-store, no-cache, must-revalidate"`
Cookies	✅	0	0	-20	N/A (No cookies sent)	`—`
Subresource Integrity	✅	+5	5	-10	N/A (No external JavaScript detected)	`—`	🛈
Content-Security-Policy	❌	-24	0	-24	Content-Security-Policy header not sent	`Header set Content-Security-Policy " default-src 'none';\ base-uri 'none';\ etc. [see CSP table];\ report-to default;\ report-uri https://[your-endpoint].report-uri.com/r/d/csp/enforce;"`	🛈
Feature-Policy	➖	0	5	0	Feature-Policy header not sent	`Header set Feature-Policy "autoplay 'self';"`
Report-To	➖	0	1	0	No Report-To header sent	`Header set Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://[your-endpoint].report-uri.com/a/d/g"}],"include_subdomains":true}`
Network Error Logging	➖	0	1	0	N/A (Requires Report-To header)	`Header set NEL: {"report_to":"default","max_age":31536000,"include_subdomains":true}`
Referrer Policy	➖	0	2	-5	Referrer-Policy header not sent	`Header always set Referrer-Policy "no-referrer-when-downgrade"`
X-Content-Type-Options	❌	-10	0	-10	X-Content-Type-Options header not implemented	`Header set X-Content-Type-Options "nosniff"`
X-XSS-Protection	❌	-10	0	-10	X-XSS-Protection header not implemented	`Header set X-XSS-Protection "1; mode=block"`
X-Frame-Options	❌	-10	0	-10	X-Frame-Options header not implemented	`Header set X-Frame-Options "DENY"`
X-Powered-By	✅	0	0	-3	X-Powered-By header not sent	`Header unset "X-Powered-By"`
X-AspNet-Version	✅	0	0	-1	X-AspNet-Version header not sent	`—`
X-AspNetMvc-Version	✅	0	0	-1	X-AspNetMvc-Version header not sent	`—`
Server Header	✅	0	0	-2	Server header sent, with general, non-specific value `Apache`	`ServerTokens Prod`
Cross-Origin Resource Sharing	✅	0	0	-15	CORS header not implemented	`—`
DNSSEC (DNS Security Extensions)	❌	-5	0	-5	Domain is not signed with a valid signature	`—`
IPv6 Reachability	➖	0	0	-5	Nameservers not available via IPv6, so site can't support IPv6	`—`
SPF (Sender Policy Framework)	✅	0	0	-10	SPF record associated with this domain	`—`
DMARC (Domain-based Message Authentication, Reporting, and Confidence)	❌	-10	0	-10	An MX record was found for this hostname, but no DMARC record exists	`—`

Raw Headers

last-modifiedSun, 04 May 2025 04:18:13 GMT

etag"2bc2-63447abfbeb40-gzip"

accept-rangesbytes

cache-controlmax-age=600

expiresFri, 20 Feb 2026 01:05:12 GMT

varyAccept-Encoding,User-Agent

content-encodinggzip

content-length4748

content-typetext/html

dateFri, 20 Feb 2026 00:55:12 GMT

serverApache

Test History

Results hidden from public stats are not shown here.

21 hours ago

Was this test helpful? Are there things we could improve? If so, please let us know! If you'd like to support it, donations are greatly appreciated.