Website Security Test of dropload.io

Executive Summary for dropload.io

• Web Software Security Test
  2 third-party web software dependancies were identified, including 2 outdated dependancies. A total of 3 known vulnerabilities were detected. One identified third-party web software dependancy has an unknown version. No Content Management System (CMS) was identified. The following CMS components, JS-libraries or frameworks were identified: jquery, bootstrap. Software fingerprinting may be restricted by the system, so the results could be incomplete. Show details.
• GDPR Compliance Test
  Potential GDPR compliance issues were identified related to Website Security. Website Security check may be incomplete because fingerprinting attempts appear to be blocked. Show details.
• PCI DSS Compliance Test
  The website is non-compliant with PCI DSS Requirement 6.4. The assessment of PCI DSS Requirement 6.3 may be incomplete due to limited software fingerprinting. Show details.
• HTTP Headers Security Test
  Issues were identified with key security headers: missing Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options. An optional HTTP header may not be properly configured: Report-To. Show details.
• Content Security Policy (CSP) Test
  Content-Security-Policy headers are not present. Show details.
• Cookies Privacy and Security Test
  One cookie detected; lang has security or privacy-related configuration issues. Show details.
• External Content Security Test
  17 external requests detected; all requests completed successfully. SRI is implemented for 1 out of 7 third-party JavaScript and CSS files. Show details.
• Protection from Data Scraping Test
  9 User-Agent blocks and 6 bot protection mechanisms detected. No protection detected via robots.txt rules or meta restrictions. Additional anti-scraping protection appears to be provided by external infrastructure. Show details.
• DNSSEC Configuration Test
  DNS A record detected; DNSSEC signatures are not present. Show details.