Security Report: satindersartaaj.com
Scan Date: Jan. 17, 2026, 1:07 p.m. | Duration: 1.8 seconds
Risk Rating
Overall Risk Rating
D (50/100)
Risk Distribution Chart
CVE Based Risk Distribution
| Severity | Count |
|---|---|
| Critical | 0 |
| High | 0 |
| Medium | 0 |
| Low | 0 |
CWE Based Risk Distribution
| Severity | Count |
|---|---|
| Critical | 0 |
| High | 4 |
| Medium | 2 |
| Low | 0 |
Scan Summary
| Sr. No | Field | Value |
|---|---|---|
| 1 | Input Hostname | satindersartaaj.com |
| 2 | Target URL | satindersartaaj.com |
| 3 | Scan Start Time | Jan. 17, 2026, 1:07 p.m. |
| 4 | Scan Duration | 1.8 seconds |
| 5 | Total Test Cases | 42 |
| 6 | Passed Cases | 0 |
| 7 | Failed Cases | 15 |
Target Information
| Sr. No | Field | Value |
|---|---|---|
| 1 | Target URL | satindersartaaj.com |
| 2 | IP Address | E |
| 3 | Hosting Provider | r |
| 4 | Registrar | r |
| 5 | Programming Language | Not Detected |
| 6 | Web Server | Not Detected |
| 7 | CMS | Not Detected |
| 8 | Operating System | Unknown |
| 9 | HTTPS Enabled | Unknown |
| 10 | WAF Detected | Not Detected |
Detailed Technical Analysis
| Sr. No | Check | Result |
|---|---|---|
| 1 | Open Ports | [80, 443] |
| 2 | Debug Method Enabled | No |
| 3 | OPTIONS Method | No |
| 4 | DKIM | Not Detected |
| 5 | SPF | Not Detected |
| 6 | DMARC | Not Detected |
| 7 | Captcha Detection | Not Detected |
| 8 | Password field with autocomplete | Not Detected |
| 9 | Unencrypted Viewstate | Not Detected |
Findings – CVE (Common Vulnerabilities and Exposures)
No CVE vulnerabilities found.
Findings – CWE (Common Weakness Enumeration)
| Sr. No | Vulnerability Source | CWE ID | Severity | Description | Remediation |
|---|---|---|---|---|---|
| 1 | Missing Content-Security-Policy header | CWE-693 | High | Failure to enforce mechanisms that protect against unauthorized modifications such as XSS or content injection. | Implement a strong Content-Security-Policy header such as: "Content-Security-Policy: default-src 'self'; script-src 'self'". |
| 2 | Missing Strict-Transport-Security header | CWE-319 | High | Sensitive information is exposed in transit due to the absence of secure channel enforcement. | Enable HSTS with: "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload". |
| 3 | Missing HttpOnly flag in cookies | CWE-1004 | High | Cookies accessible by JavaScript can be stolen via XSS. | Set the HttpOnly flag to prevent client-side script access. |
| 4 | Missing Secure flag in cookies | CWE-614 | High | Cookies without the Secure flag may be sent over unencrypted connections. | Enable the Secure flag for all session or sensitive cookies. |
| 5 | Missing Referrer-Policy header | CWE-200 | Medium | Exposure of sensitive URLs or information to third-party sites. | Set a secure referrer policy such as: "Referrer-Policy: no-referrer". |
| 6 | Missing X-Content-Type-Options header | CWE-16 | Medium | Improperly configured security headers allow MIME-type confusion attacks. | Add the header: "X-Content-Type-Options: nosniff". |
Scan Test Cases
| Sr. No | Test Case |
|---|---|
| 1 | Inline Connection |
| 2 | Ip-Address |
| 3 | Cloud_Provider |
| 4 | Server Disclosure |
| 5 | Technology Disclosure |
| 6 | Cms Detection |
| 7 | Mixed Content Analysis |
| 8 | Operating-System |
| 9 | Open Ports Scan |
| 10 | Database |
| 11 | Javascript Libraries |
| 12 | Secure Connection Check |
| 13 | Directories Listing Exposed |
| 14 | Password Exposing Pages |
| 15 | Missing Security Headers |
| 16 | Missing Content-Security-Policy |
| 17 | Missing Strict-Transport-Security |
| 18 | Missing Referrer-Policy |
| 19 | Missing X-Content-Type-Options |
| 20 | Missing Cookie http flag |
| 21 | Missing Cookie secure flag |
| 22 | Secret Files Detection |
| 23 | WAF-Detection |
| 24 | SSL Certificate Validation |
| 25 | Loose Cookie Domain |
| 26 | CSP Header Analysis |
| 27 | OpenAPI Disclosure |
| 28 | Password Leak Detection |
| 29 | Path Disclosure |
| 30 | Error Messages Analysis |
| 31 | Rate Limit Headers |
| 32 | Email Extraction |
| 33 | Xml-RPC Endpoint Detection |
| 34 | HTTP Methods Allowed |
| 35 | Enabled Debug Method |
| 36 | Enabled OPTIONS Method |
| 37 | Cross-Domain Inclusion |
| 38 | File Upload Detection |
| 39 | Client Access Policies |
| 40 | X-FRAME OPTIONS |
| 41 | X-XSS PROTECTION |
| 42 | .htaccess Exposure |
Passed & Failed Cases
Passed Cases (0)
- No passed cases recorded.
Failed Cases (15)
- Secure Connection
- Missing Security Headers
- Missing Content-Security-Policy header
- Missing Strict-Transport-Security header
- Missing Referrer-Policy header
- Missing X-Content-Type-Options header
- Missing HttpOnly flag in cookies
- Missing Secure flag in cookies
- WAF Detection
- SSL Certificate
- Enabled Debug Method
- Enabled OPTIONS Method
- Client Access Policies
- X-FRAME OPTIONS
- X-XSS PROTECTION
View Raw Scan Data (JSON)
{
"host": "satindersartaaj.com",
"host_url": "satindersartaaj.com",
"task_id": "c974f5e5-adc2-4467-8d4c-8932761e2e38",
"status": "COMPLETED",
"inline_connection": "Yes",
"original_header": null,
"ip_address": "E",
"hosting_provider": "r",
"registrar": "r",
"cms": null,
"cms_cve": null,
"server": null,
"server_disclosure_cve": null,
"programming_language": null,
"technology_disclosure_cve": null,
"mixed_content_analysis": null,
"operating_system": "Unknown",
"open_ports": [
80,
443
],
"database_technology": null,
"javascript_libraries": null,
"javascript_libraries_cve": null,
"secure_connection": null,
"directory_listing": null,
"passwords_submitted_unencrypted": null,
"missing_security_headers": [
"STRICT-TRANSPORT-SECURITY",
"PERMISSIONS-POLICY",
"X-FRAME-OPTIONS",
"CONTENT-SECURITY-POLICY",
"X-CONTENT-TYPE-OPTIONS",
"X-XSS-PROTECTION",
"REFERRER-POLICY",
"X-PERMITTED-CROSS-DOMAIN"
],
"missing_content_security_policy_header": {
"issue": "Missing Content-Security-Policy header",
"severity": "High",
"cwe_id": "CWE-693",
"cwe_description": "Failure to enforce mechanisms that protect against unauthorized modifications such as XSS or content injection.",
"fix": "Implement a strong Content-Security-Policy header such as: \"Content-Security-Policy: default-src 'self'; script-src 'self'\"."
},
"missing_strict_transport_security_header": {
"issue": "Missing Strict-Transport-Security header",
"severity": "High",
"cwe_id": "CWE-319",
"cwe_description": "Sensitive information is exposed in transit due to the absence of secure channel enforcement.",
"fix": "Enable HSTS with: \"Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\"."
},
"missing_referrer_policy_header": {
"issue": "Missing Referrer-Policy header",
"severity": "Medium",
"cwe_id": "CWE-200",
"cwe_description": "Exposure of sensitive URLs or information to third-party sites.",
"fix": "Set a secure referrer policy such as: \"Referrer-Policy: no-referrer\"."
},
"missing_x_content_type_options_header": {
"issue": "Missing X-Content-Type-Options header",
"severity": "Medium",
"cwe_id": "CWE-16",
"cwe_description": "Improperly configured security headers allow MIME-type confusion attacks.",
"fix": "Add the header: \"X-Content-Type-Options: nosniff\"."
},
"missing_httponly_flag_in_cookies": {
"issue": "Missing HttpOnly flag in cookies",
"severity": "High",
"cwe_id": "CWE-1004",
"cwe_description": "Cookies accessible by JavaScript can be stolen via XSS.",
"fix": "Set the HttpOnly flag to prevent client-side script access."
},
"missing_secure_flag_in_cookies": {
"issue": "Missing Secure flag in cookies",
"severity": "High",
"cwe_id": "CWE-614",
"cwe_description": "Cookies without the Secure flag may be sent over unencrypted connections.",
"fix": "Enable the Secure flag for all session or sensitive cookies."
},
"secret_files_detection": null,
"robots_txt_file_found": null,
"waf_detection": null,
"ssl_certificate": null,
"loose_cookie_domain": null,
"csp_header_analysis": null,
"openapi_disclosure": null,
"password_leakage": null,
"error_messages_analysis": null,
"path_disclosure": null,
"rate_limit_headers": null,
"email_extraction": null,
"xml_rpc_endpoint_detection": null,
"http_methods_allowed": null,
"enabled_debug_method": "No",
"enabled_options_method": "No",
"cross_domain_inclusion": null,
"file_upload": null,
"client_access_policies": [],
"x_frame_options": "Missing X-Frame-Options",
"x_xss_protection": "Missing x-xss-protection header",
"htaccess_exposure": null,
"host_header_injection": null,
"captcha_detection": null,
"password_field_with_autocomplete": null,
"spf": null,
"dmarc": null,
"dkim": null,
"unencrypted_viewstate": null,
"total_scans": [
"Inline Connection",
"Ip-Address",
"Cloud_Provider",
"Server Disclosure",
"Technology Disclosure",
"Cms Detection",
"Mixed Content Analysis",
"Operating-System",
"Open Ports Scan",
"Database",
"Javascript Libraries",
"Secure Connection Check",
"Directories Listing Exposed",
"Password Exposing Pages",
"Missing Security Headers",
"Missing Content-Security-Policy",
"Missing Strict-Transport-Security",
"Missing Referrer-Policy",
"Missing X-Content-Type-Options",
"Missing Cookie http flag",
"Missing Cookie secure flag",
"Secret Files Detection",
"WAF-Detection",
"SSL Certificate Validation",
"Loose Cookie Domain",
"CSP Header Analysis",
"OpenAPI Disclosure",
"Password Leak Detection",
"Path Disclosure",
"Error Messages Analysis",
"Rate Limit Headers",
"Email Extraction",
"Xml-RPC Endpoint Detection",
"HTTP Methods Allowed",
"Enabled Debug Method",
"Enabled OPTIONS Method",
"Cross-Domain Inclusion",
"File Upload Detection",
"Client Access Policies",
"X-FRAME OPTIONS",
"X-XSS PROTECTION",
".htaccess Exposure"
],
"executive_summary": {
"Severity": "High",
"Total Checks Passed": 22,
"Passes Cases": [
"CMS",
"Server Disclosure",
"Technology Disclosure",
"Mixed Content (HTTP on HTTPS)",
"Open Ports Scan",
"Javascript Libraries",
"Directory Listing Exposed",
"Passwords submitted unencrypted",
"Secret Files Detection",
"Loose cookie domain",
"Content Security Policy Misconfiguration",
"OpenAPI Disclosure",
"Password Leakage",
"Error Messages Analysis",
"Path Disclosure",
"Rate Limit Headers",
"Emails exposed",
"XML-RPC Endpoint Detection (XML-RPC Endpoint Detection) ",
"Cross-Domain Inclusion",
"File Upload Detection",
".htaccess Exposure",
"Host Header Injection"
],
"Total Checks Failed": 15,
"Failed Cases": [
"Secure Connection",
"Missing Security Headers",
"Missing Content-Security-Policy header",
"Missing Strict-Transport-Security header",
"Missing Referrer-Policy header",
"Missing X-Content-Type-Options header",
"Missing HttpOnly flag in cookies",
"Missing Secure flag in cookies",
"WAF Detection",
"SSL Certificate",
"Enabled Debug Method",
"Enabled OPTIONS Method",
"Client Access Policies",
"X-FRAME OPTIONS",
"X-XSS PROTECTION"
],
"Total CVEs Found": 0,
"Critical": 0,
"High": 0,
"Medium": 0,
"Low": 0,
"Total CWEs Found": 7
},
"total_scan_time": "1.8 seconds",
"scan_start_timestamp": "2026-01-17 07:37:03"
}
