Security Test

Website Security Test

Website Vulnerability Scanner

Comprehensive security testing for your website

Security Report: https://www.zscaler.com:443/

Scan Date: Jan. 18, 2026, 11:02 a.m. | Duration: 1 minute, 4.9 seconds

Have you made changes or fixed vulnerabilities?

Run a fresh scan to verify your latest security updates.

Risk Rating

Overall Risk Rating B (75/100)

Risk Distribution Chart

CVE Based Risk Distribution

Critical	0
High	0
Medium	0
Low	0

CWE Based Risk Distribution

Critical	0
High	2
Medium	1
Low	0

Scan Summary

1	Input Hostname	zscaler.com
2	Target URL	https://www.zscaler.com:443/
3	Scan Start Time	Jan. 18, 2026, 11:02 a.m.
4	Scan Duration	1 minute, 4.9 seconds
5	Total Test Cases	42
6	Passed Cases	22
7	Failed Cases	16

Target Information

1	Target URL	https://www.zscaler.com:443/
2	IP Address	35.165.204.145
3	Hosting Provider	Amazon Web Services (AWS)
4	Registrar	Not Available
5	Programming Language	Not Detected
6	Web Server	cloudflare
7	CMS	Not Detected
8	Operating System	Unknown
9	HTTPS Enabled	Enabled
10	WAF Detected	['Cloudflare', 'Cloudflare']

Original Header Response

Date: Sun, 18 Jan 2026 05:33:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: br
Age: 31
Cache-Control: public,max-age=0,must-revalidate
cache-status: "Netlify Durable"; hit; ttl=568, "Next.js"; fwd=miss, "Netlify Edge"; fwd=stale, "Netlify Durable"; hit; ttl=568, "Next.js"; fwd=miss, "Netlify Edge"; fwd=stale;detail=p1
content-security-policy: default-src 'none' 'self' strict-dynamic https://*.liadm.com; img-src 'self' fast.wistia.com https: data: blob: https://*.pathfactory.com https://explore.zscaler.com https://*.qualified.com https://tags.srv.stackadapt.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/analytics.js/v1/ https://js.zi-scripts.com/zi-tag.js *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://*.pathfactory.com https://zscaler.piwik.pro/ https://explore.zscaler.com https://js.storylane.io https://www.redditstatic.com/ https://js.qualified.com blob: https://s3-us-west-2.amazonaws.com/b2bjsstore/b/Z6PVLHPZV26R/Z6PVLHPZV26R.js.gz https://a.usbrowserspeed.com/cs https://ddwl4m2hdecbv.cloudfront.net/b/ https://b-code.liadm.com/lc2.js https://rp.liadm.com idx.liadm.com https://idx.liadm.com https://layer.zscaler.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://s.yimg.jp https://*.yahoo.co.jp https://tr.capterra.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://*.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://*.pathfactory.com https://explore.zscaler.com https://zscaler.piwik.pro/ https://*.qualified.com https://tags.srv.stackadapt.com; connect-src 'self' blob: https://api.segment.io https://cdn.segment.com https://pixels.spotify.com/v1/ingest https://privacyportal.onetrust.com/request/v1/consentreceipts 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://1cc736ed757d4e24b91428e20d3e43f8.us-west-1.aws.found.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://*.pathfactory.com https://explore.zscaler.com https://zscaler.piwik.pro/ https://*.qualified.com wss://*.qualified.com https://www.redditstatic.com/ https://pixel-config.reddit.com/ https://conversions-config.reddit.com/ 'strict-dynamic' https://pro.ip-api.com https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://*.liadm.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://a.usbrowserspeed.com https://layer.zscaler.com https://tags.srv.stackadapt.com https://*.yahoo.co.jp https://tr.capterra.com; media-src https://cms.zscaler.com https://app.storylane.io https://app.storylane.io/demo https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://*.qualified.com; worker-src 'self' blob: ; frame-src 'self' blob: https://app.storylane.io https://app.storylane.io/demo e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/ https://explore.zscaler.com https://zscaler.my.site.com https://www.googletagmanager.com/ https://zscaler784.outgrow.us https://*.qualified.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com https://zscaler.my.site.com; child-src https://*.qualified.com;
netlify-vary: query=__nextDataReq|_rsc,header=x-nextjs-data|x-next-debug-logging|next-router-prefetch|next-router-segment-prefetch|next-router-state-tree|next-url|rsc,cookie=__prerender_bypass|__next_preview_data
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://www.zscaler.com/api/report-csp-violation"}],"include_subdomains":true}
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-nextjs-date: Sun, 18 Jan 2026 05:32:27 GMT
x-nextjs-prerender: 1
x-nf-request-id: 01KF7SF999EQ465XM1W64BEQZK
x-powered-by: 
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 9bfbb70d28ea3c64-BOM

Detailed Technical Analysis

1	Open Ports	[80, 443]
2	Debug Method Enabled	No
3	OPTIONS Method	No
4	DKIM	Not Detected
5	SPF	Not Detected
6	DMARC	Not Detected
7	Captcha Detection	Not Detected
8	Password field with autocomplete	Not Detected
9	Unencrypted Viewstate	Not Detected

Additional Findings

Secret Files Detection

Http Methods Allowed

GET
HEAD

Cross Domain Inclusion

cdn.cookielaw.org
www.zscaler.com

Findings – CVE (Common Vulnerabilities and Exposures)

No CVE vulnerabilities found.

Findings – CWE (Common Weakness Enumeration)

Sr. No	Vulnerability Source	CWE ID	Severity	Description	Remediation
1	Missing HttpOnly flag in cookies	CWE-1004	High	Cookies accessible by JavaScript can be stolen via XSS.	Set the HttpOnly flag to prevent client-side script access.
2	Missing Secure flag in cookies	CWE-614	High	Cookies without the Secure flag may be sent over unencrypted connections.	Enable the Secure flag for all session or sensitive cookies.
3	Missing Referrer-Policy header	CWE-200	Medium	Exposure of sensitive URLs or information to third-party sites.	Set a secure referrer policy such as: "Referrer-Policy: no-referrer".

Scan Test Cases

Sr. No	Test Case
1	Inline Connection
2	Ip-Address
3	Cloud_Provider
4	Server Disclosure
5	Technology Disclosure
6	Cms Detection
7	Mixed Content Analysis
8	Operating-System
9	Open Ports Scan
10	Database
11	Javascript Libraries
12	Secure Connection Check
13	Directories Listing Exposed
14	Password Exposing Pages
15	Missing Security Headers
16	Missing Content-Security-Policy
17	Missing Strict-Transport-Security
18	Missing Referrer-Policy
19	Missing X-Content-Type-Options
20	Missing Cookie http flag
21	Missing Cookie secure flag
22	Secret Files Detection
23	WAF-Detection

Sr. No	Test Case
24	SSL Certificate Validation
25	Loose Cookie Domain
26	CSP Header Analysis
27	OpenAPI Disclosure
28	Password Leak Detection
29	Path Disclosure
30	Error Messages Analysis
31	Rate Limit Headers
32	Email Extraction
33	Xml-RPC Endpoint Detection
34	HTTP Methods Allowed
35	Enabled Debug Method
36	Enabled OPTIONS Method
37	Cross-Domain Inclusion
38	File Upload Detection
39	Client Access Policies
40	X-FRAME OPTIONS
41	X-XSS PROTECTION
42	.htaccess Exposure

Passed & Failed Cases

Passed Cases (22)

CMS
Mixed Content (HTTP on HTTPS)
Open Ports Scan
Javascript Libraries
Secure Connection
Directory Listing Exposed
Passwords submitted unencrypted
Missing Content-Security-Policy header
Missing Strict-Transport-Security header
Missing X-Content-Type-Options header
WAF Detection
Loose cookie domain
OpenAPI Disclosure
Password Leakage
Error Messages Analysis
Path Disclosure
Rate Limit Headers
Emails exposed
XML-RPC Endpoint Detection (XML-RPC Endpoint Detection)
File Upload Detection
.htaccess Exposure
Host Header Injection

Failed Cases (16)

Server Disclosure
Technology Disclosure
Missing Security Headers
Missing Referrer-Policy header
Missing HttpOnly flag in cookies
Missing Secure flag in cookies
Secret Files Detection
robots.txt file found
SSL Certificate
Content Security Policy Misconfiguration
Enabled Debug Method
Enabled OPTIONS Method
Cross-Domain Inclusion
Client Access Policies
X-FRAME OPTIONS
X-XSS PROTECTION

View Raw Scan Data (JSON)

{
    "host": "zscaler.com",
    "host_url": "https://www.zscaler.com:443/",
    "task_id": "1d67e10e-ac13-4cb8-978a-8fe9985045b3",
    "status": "COMPLETED",
    "inline_connection": "Yes",
    "original_header": {
        "Date": "Sun, 18 Jan 2026 05:33:00 GMT",
        "Content-Type": "text/html; charset=utf-8",
        "Transfer-Encoding": "chunked",
        "Connection": "keep-alive",
        "Content-Encoding": "br",
        "Age": "31",
        "Cache-Control": "public,max-age=0,must-revalidate",
        "cache-status": "\"Netlify Durable\"; hit; ttl=568, \"Next.js\"; fwd=miss, \"Netlify Edge\"; fwd=stale, \"Netlify Durable\"; hit; ttl=568, \"Next.js\"; fwd=miss, \"Netlify Edge\"; fwd=stale;detail=p1",
        "content-security-policy": "default-src 'none' 'self' strict-dynamic https://*.liadm.com; img-src 'self' fast.wistia.com https: data: blob: https://*.pathfactory.com https://explore.zscaler.com https://*.qualified.com https://tags.srv.stackadapt.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/analytics.js/v1/ https://js.zi-scripts.com/zi-tag.js *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://*.pathfactory.com https://zscaler.piwik.pro/ https://explore.zscaler.com https://js.storylane.io https://www.redditstatic.com/ https://js.qualified.com blob: https://s3-us-west-2.amazonaws.com/b2bjsstore/b/Z6PVLHPZV26R/Z6PVLHPZV26R.js.gz https://a.usbrowserspeed.com/cs https://ddwl4m2hdecbv.cloudfront.net/b/ https://b-code.liadm.com/lc2.js https://rp.liadm.com idx.liadm.com https://idx.liadm.com https://layer.zscaler.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://s.yimg.jp https://*.yahoo.co.jp https://tr.capterra.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://*.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://*.pathfactory.com https://explore.zscaler.com https://zscaler.piwik.pro/ https://*.qualified.com https://tags.srv.stackadapt.com; connect-src 'self' blob: https://api.segment.io https://cdn.segment.com https://pixels.spotify.com/v1/ingest https://privacyportal.onetrust.com/request/v1/consentreceipts 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://1cc736ed757d4e24b91428e20d3e43f8.us-west-1.aws.found.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://*.pathfactory.com https://explore.zscaler.com https://zscaler.piwik.pro/ https://*.qualified.com wss://*.qualified.com https://www.redditstatic.com/ https://pixel-config.reddit.com/ https://conversions-config.reddit.com/ 'strict-dynamic' https://pro.ip-api.com https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://*.liadm.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://a.usbrowserspeed.com https://layer.zscaler.com https://tags.srv.stackadapt.com https://*.yahoo.co.jp https://tr.capterra.com; media-src https://cms.zscaler.com https://app.storylane.io https://app.storylane.io/demo https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://*.qualified.com; worker-src 'self' blob: ; frame-src 'self' blob: https://app.storylane.io https://app.storylane.io/demo e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/ https://explore.zscaler.com https://zscaler.my.site.com https://www.googletagmanager.com/ https://zscaler784.outgrow.us https://*.qualified.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com https://zscaler.my.site.com; child-src https://*.qualified.com;",
        "netlify-vary": "query=__nextDataReq|_rsc,header=x-nextjs-data|x-next-debug-logging|next-router-prefetch|next-router-segment-prefetch|next-router-state-tree|next-url|rsc,cookie=__prerender_bypass|__next_preview_data",
        "report-to": "{\"group\":\"default\",\"max_age\":10886400,\"endpoints\":[{\"url\":\"https://www.zscaler.com/api/report-csp-violation\"}],\"include_subdomains\":true}",
        "strict-transport-security": "max-age=31536000; includeSubDomains; preload",
        "vary": "Accept-Encoding",
        "x-content-type-options": "nosniff",
        "x-nextjs-date": "Sun, 18 Jan 2026 05:32:27 GMT",
        "x-nextjs-prerender": "1",
        "x-nf-request-id": "01KF7SF999EQ465XM1W64BEQZK",
        "x-powered-by": "",
        "x-xss-protection": "1; mode=block",
        "cf-cache-status": "DYNAMIC",
        "Server": "cloudflare",
        "CF-RAY": "9bfbb70d28ea3c64-BOM"
    },
    "ip_address": "35.165.204.145",
    "hosting_provider": "Amazon Web Services (AWS)",
    "registrar": null,
    "cms": null,
    "cms_cve": null,
    "server": "cloudflare",
    "server_disclosure_cve": null,
    "programming_language": "",
    "technology_disclosure_cve": null,
    "mixed_content_analysis": null,
    "operating_system": "Unknown",
    "open_ports": [
        80,
        443
    ],
    "database_technology": null,
    "javascript_libraries": null,
    "javascript_libraries_cve": null,
    "secure_connection": "Enabled",
    "directory_listing": null,
    "passwords_submitted_unencrypted": null,
    "missing_security_headers": [
        "PERMISSIONS-POLICY",
        "X-FRAME-OPTIONS",
        "REFERRER-POLICY",
        "X-PERMITTED-CROSS-DOMAIN"
    ],
    "missing_content_security_policy_header": null,
    "missing_strict_transport_security_header": null,
    "missing_referrer_policy_header": {
        "issue": "Missing Referrer-Policy header",
        "severity": "Medium",
        "cwe_id": "CWE-200",
        "cwe_description": "Exposure of sensitive URLs or information to third-party sites.",
        "fix": "Set a secure referrer policy such as: \"Referrer-Policy: no-referrer\"."
    },
    "missing_x_content_type_options_header": null,
    "missing_httponly_flag_in_cookies": {
        "issue": "Missing HttpOnly flag in cookies",
        "severity": "High",
        "cwe_id": "CWE-1004",
        "cwe_description": "Cookies accessible by JavaScript can be stolen via XSS.",
        "fix": "Set the HttpOnly flag to prevent client-side script access."
    },
    "missing_secure_flag_in_cookies": {
        "issue": "Missing Secure flag in cookies",
        "severity": "High",
        "cwe_id": "CWE-614",
        "cwe_description": "Cookies without the Secure flag may be sent over unencrypted connections.",
        "fix": "Enable the Secure flag for all session or sensitive cookies."
    },
    "secret_files_detection": [
        "https://www.zscaler.com:443/robots.txt",
        "https://www.zscaler.com:443/sitemap.xml"
    ],
    "robots_txt_file_found": null,
    "waf_detection": [
        "Cloudflare",
        "Cloudflare"
    ],
    "ssl_certificate": null,
    "loose_cookie_domain": null,
    "csp_header_analysis": "CSP configuration is this default-src 'none' 'self' strict-dynamic https://*.liadm.com; img-src 'self' fast.wistia.com https: data: blob: https://*.pathfactory.com https://explore.zscaler.com https://*.qualified.com https://tags.srv.stackadapt.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/analytics.js/v1/ https://js.zi-scripts.com/zi-tag.js *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://*.pathfactory.com https://zscaler.piwik.pro/ https://explore.zscaler.com https://js.storylane.io https://www.redditstatic.com/ https://js.qualified.com blob: https://s3-us-west-2.amazonaws.com/b2bjsstore/b/Z6PVLHPZV26R/Z6PVLHPZV26R.js.gz https://a.usbrowserspeed.com/cs https://ddwl4m2hdecbv.cloudfront.net/b/ https://b-code.liadm.com/lc2.js https://rp.liadm.com idx.liadm.com https://idx.liadm.com https://layer.zscaler.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://s.yimg.jp https://*.yahoo.co.jp https://tr.capterra.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://*.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://*.pathfactory.com https://explore.zscaler.com https://zscaler.piwik.pro/ https://*.qualified.com https://tags.srv.stackadapt.com; connect-src 'self' blob: https://api.segment.io https://cdn.segment.com https://pixels.spotify.com/v1/ingest https://privacyportal.onetrust.com/request/v1/consentreceipts 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://1cc736ed757d4e24b91428e20d3e43f8.us-west-1.aws.found.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://*.pathfactory.com https://explore.zscaler.com https://zscaler.piwik.pro/ https://*.qualified.com wss://*.qualified.com https://www.redditstatic.com/ https://pixel-config.reddit.com/ https://conversions-config.reddit.com/ 'strict-dynamic' https://pro.ip-api.com https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://*.liadm.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://a.usbrowserspeed.com https://layer.zscaler.com https://tags.srv.stackadapt.com https://*.yahoo.co.jp https://tr.capterra.com; media-src https://cms.zscaler.com https://app.storylane.io https://app.storylane.io/demo https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://*.qualified.com; worker-src 'self' blob: ; frame-src 'self' blob: https://app.storylane.io https://app.storylane.io/demo e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/ https://explore.zscaler.com https://zscaler.my.site.com https://www.googletagmanager.com/ https://zscaler784.outgrow.us https://*.qualified.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com https://zscaler.my.site.com; child-src https://*.qualified.com;",
    "openapi_disclosure": null,
    "password_leakage": null,
    "error_messages_analysis": null,
    "path_disclosure": null,
    "rate_limit_headers": null,
    "email_extraction": null,
    "xml_rpc_endpoint_detection": null,
    "http_methods_allowed": [
        "GET",
        "HEAD"
    ],
    "enabled_debug_method": "No",
    "enabled_options_method": "No",
    "cross_domain_inclusion": [
        "cdn.cookielaw.org",
        "www.zscaler.com"
    ],
    "file_upload": null,
    "client_access_policies": [],
    "x_frame_options": "Missing X-Frame-Options",
    "x_xss_protection": "Properly Configured",
    "htaccess_exposure": null,
    "host_header_injection": null,
    "captcha_detection": null,
    "password_field_with_autocomplete": null,
    "spf": null,
    "dmarc": null,
    "dkim": null,
    "unencrypted_viewstate": null,
    "total_scans": [
        "Inline Connection",
        "Ip-Address",
        "Cloud_Provider",
        "Server Disclosure",
        "Technology Disclosure",
        "Cms Detection",
        "Mixed Content Analysis",
        "Operating-System",
        "Open Ports Scan",
        "Database",
        "Javascript Libraries",
        "Secure Connection Check",
        "Directories Listing Exposed",
        "Password Exposing Pages",
        "Missing Security Headers",
        "Missing Content-Security-Policy",
        "Missing Strict-Transport-Security",
        "Missing Referrer-Policy",
        "Missing X-Content-Type-Options",
        "Missing Cookie http flag",
        "Missing Cookie secure flag",
        "Secret Files Detection",
        "WAF-Detection",
        "SSL Certificate Validation",
        "Loose Cookie Domain",
        "CSP Header Analysis",
        "OpenAPI Disclosure",
        "Password Leak Detection",
        "Path Disclosure",
        "Error Messages Analysis",
        "Rate Limit Headers",
        "Email Extraction",
        "Xml-RPC Endpoint Detection",
        "HTTP Methods Allowed",
        "Enabled Debug Method",
        "Enabled OPTIONS Method",
        "Cross-Domain Inclusion",
        "File Upload Detection",
        "Client Access Policies",
        "X-FRAME OPTIONS",
        "X-XSS PROTECTION",
        ".htaccess Exposure"
    ],
    "executive_summary": {
        "Severity": "High",
        "Total Checks Passed": 22,
        "Passed Cases": [
            "CMS",
            "Mixed Content (HTTP on HTTPS)",
            "Open Ports Scan",
            "Javascript Libraries",
            "Secure Connection",
            "Directory Listing Exposed",
            "Passwords submitted unencrypted",
            "Missing Content-Security-Policy header",
            "Missing Strict-Transport-Security header",
            "Missing X-Content-Type-Options header",
            "WAF Detection",
            "Loose cookie domain",
            "OpenAPI Disclosure",
            "Password Leakage",
            "Error Messages Analysis",
            "Path Disclosure",
            "Rate Limit Headers",
            "Emails exposed",
            "XML-RPC Endpoint Detection (XML-RPC Endpoint Detection) ",
            "File Upload Detection",
            ".htaccess Exposure",
            "Host Header Injection"
        ],
        "Total Checks Failed": 16,
        "Failed Cases": [
            "Server Disclosure",
            "Technology Disclosure",
            "Missing Security Headers",
            "Missing Referrer-Policy header",
            "Missing HttpOnly flag in cookies",
            "Missing Secure flag in cookies",
            "Secret Files Detection",
            "robots.txt file found",
            "SSL Certificate",
            "Content Security Policy Misconfiguration",
            "Enabled Debug Method",
            "Enabled OPTIONS Method",
            "Cross-Domain Inclusion",
            "Client Access Policies",
            "X-FRAME OPTIONS",
            "X-XSS PROTECTION"
        ],
        "Total CVEs Found": 0,
        "Critical": 0,
        "High": 0,
        "Medium": 0,
        "Low": 0,
        "Total CWEs Found": 4
    },
    "total_scan_time": "1 minute, 4.9 seconds",
    "scan_start_timestamp": "2026-01-18 05:32:55"
}

Other Security Tools

Explore our comprehensive suite of security testing tools

Web Scanners

Malicious URL Test

Run Test

Web Scanners

Wordpress Test

Run Test

Web Scanners

SSL Security Test

Run Test

Web Scanners

Reconnaissance

Run Test

Web Scanners

Malicious IP Test

Run Test

Web Scanners

Security Headers Test

Run Test