Web & Email Security Test

← Web Test Home

Test Information

Targetsubur88.co

Resolved To:https://subur88.co/

IPv4:104.21.46.252
172.67.143.101

Scan ID #:462

Scan Time (UTC):2026-06-13 09:45:07

Response Code (HTTP):301

Response Code (HTTPS):200

Score:22/120

Tests Passed:16/25

Related Tests

Overall Scores

Test	Pass	Score	Max	Min	Reason	Recommended Apache Config	More
HTTPS Availability	✅	0	0	-40	Site is available over HTTPS and HTTP redirects to HTTPS with same hostname	`—`
SSL and TLS Protocols	➖	0	5	-20	TLS v1.0/v1.1 are being phased out as certain TLS v1.0 ciphers are not secure	`SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off`	🛈
HSTS (Strict Transport Security)	❌	-15	0	-15	Site is available over HTTPS but no HSTS header sent	`Header set Strict-Transport-Security max-age=31536000; includeSubDomains; preload`	🛈
Expect Certificate Transparency	❌	-5	0	-5	Site available over HTTPS but no certificate transparency directives	`—`
HTTP Compression	✅	+1	1	0	HTTP compression not supported	`SetEnv no-gzip 1 Header set Cache-Control "max-age=0, private, no-cache, no-store, no-transform, must-revalidate"`	🛈
Cache Control	❌	-5	0	-5	Cache-Control header not sent	`Header set Cache-Control "no-store, no-cache, must-revalidate"`
Cookies	✅	0	0	-20	N/A (No cookies sent)	`—`
Subresource Integrity	❌	-5	5	-10	Scripts loaded (see subtable for details)		🛈
Content-Security-Policy	❌	-16	0	-24	Content-Security-Policy header sent (see subtable for details)	`Header set Content-Security-Policy " default-src 'none';\ base-uri 'none';\ etc. [see CSP table];\ report-to default;\ report-uri https://[your-endpoint].report-uri.com/r/d/csp/enforce;"`	🛈
Feature-Policy	➖	0	5	0	Feature-Policy header not sent	`Header set Feature-Policy "autoplay 'self';"`
Report-To	✅	+1	1	0	Report-To header sent	`Header set Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://[your-endpoint].report-uri.com/a/d/g"}],"include_subdomains":true}`
Network Error Logging	✅	+1	1	0	NEL header sent	`Header set NEL: {"report_to":"default","max_age":31536000,"include_subdomains":true}`
Referrer Policy	➖	0	2	-5	Referrer-Policy header not sent	`Header always set Referrer-Policy "no-referrer-when-downgrade"`
X-Content-Type-Options	❌	-10	0	-10	X-Content-Type-Options header not implemented	`Header set X-Content-Type-Options "nosniff"`
X-XSS-Protection	❌	-10	0	-10	X-XSS-Protection header not implemented	`Header set X-XSS-Protection "1; mode=block"`
X-Frame-Options	❌	-10	0	-10	X-Frame-Options header not implemented	`Header set X-Frame-Options "DENY"`
X-Powered-By	✅	0	0	-3	X-Powered-By header not sent	`Header unset "X-Powered-By"`
X-AspNet-Version	✅	0	0	-1	X-AspNet-Version header not sent	`—`
X-AspNetMvc-Version	✅	0	0	-1	X-AspNetMvc-Version header not sent	`—`
Server Header	✅	0	0	-2	Server header sent, with general, non-specific value `cloudflare`	`ServerTokens Prod`
Cross-Origin Resource Sharing	✅	0	0	-15	CORS header not implemented	`—`
DNSSEC (DNS Security Extensions)	❌	-5	0	-5	Domain is not signed with a valid signature	`—`
IPv6 Reachability	✅	0	0	-5	Nameservers and web server available via IPv6	`—`
SPF (Sender Policy Framework)	➖	0	0	-10	No MX records associated with this hostname	`—`
DMARC (Domain-based Message Authentication, Reporting, and Confidence)	➖	0	0	-10	No MX records associated with this hostname	`—`

Subresource Integrity (External JavaScript)

Maximum score for any and all scripts is 5 and minimum score for any and all scripts is -10.

Script	Pass	Score	Reason	HTTPS
https://browser.sentry-cdn.com/7.27.0/bundle.es5.min.js	❌	-5	Script is external but does not use SRI	✅
https://js.sentry-cdn.com/ae5144750dde4120836c6690aedf3edb.min.js	❌	-5	Script is external but does not use SRI	✅
https://static.hotjar.com/c/hotjar-2978054.js?sv=6	❌	-5	Script is external but does not use SRI	✅
https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993	✅	5	Script is external but uses SRI	✅

Content Security Policy

Directive	Pass	Score	Min	Reason	Recommended Baseline	More
default-src	❌	-1	-1	Missing	'none'
script-src	❌	-1	-4	Missing	'self'
style-src	❌	-1	-4	Missing	'self'
font-src	❌	-1	-2	Missing	'self'	🛈
base-uri	❌	-1	-1	Missing	'none'
frame-ancestors	❌	-1	-3	Missing	'none'
form-action	➖	0	0	Missing, but this directive may not be appropriate		🛈
plugin-types	✅	0	0	CSP doesn't contain deprecated directive	application/pdf
object-src	❌	-1	-1	Missing	'none'
child-src	❌	-1	-1	Missing	'none'
frame-src	❌	-1	-1	Missing	'none'
img-src	❌	-1	-1	Missing	https: data:
worker-src	❌	-1	-1	Missing	'none'
manifest-src	❌	-1	-1	Missing	'none'
media-src	❌	-1	-1	Missing	'self'
connect-src	❌	-1	-1	Missing	'self'	🛈
report-uri	❌	-1	-1	Needed for CSP reporting in CSP version 2	https://<your-endpoint>.report-uri.com/r/d/csp/enforce
report-to	➖	-1	0	Needed for CSP reporting in CSP version 3	default

Raw Headers

dateSat, 13 Jun 2026 09:45:07 GMT

content-typetext/html

last-modifiedWed, 20 May 2026 11:43:54 GMT

report-to{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=P8SKpQ58wcCSLMJFDe9mENONi%2FQxIapAr1We7RR5DbKEU4taeaha9v5%2F8fKzZYuN1bVoWas5h%2FZ6AwmC6HjZjfqASWLpAe4JjNsdRYNuOjJH89Rq%2BY8PHquExjEo"}]}

varyAccept-Encoding

nel{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}

servercloudflare

platformhostinger

panelhpanel

content-security-policyupgrade-insecure-requests

alt-svch3=":443"; ma=86400

x-turbo-charged-byLiteSpeed

cf-cache-statusDYNAMIC

content-encodingzstd

cf-raya0b029173bad7611-EWR

Test History

Results hidden from public stats are not shown here.

1 week ago

Was this test helpful? Are there things we could improve? If so, please let us know! If you'd like to support it, donations are greatly appreciated.