Website Security Test of vpass.volaris.com

Executive Summary for vpass.volaris.com

• Web Software Security Test
  3 third-party web software dependancies were identified, including 2 outdated dependancies. No known vulnerabilities were detected. No Content Management System (CMS) was identified. The following CMS components, JS-libraries or frameworks were identified: axios, ua-parser-js, core-js. Show details.
• GDPR Compliance Test
  Potential GDPR compliance issues were identified related to Cookie Protection. Show details.
• PCI DSS Compliance Test
  No obvious PCI DSS compliance issues were detected for Requirements 6.3 and 6.4. Show details.
• HTTP Headers Security Test
  Issues were identified with key security header misconfigured Content-Security-Policy. Optional HTTP header appears to be properly configured: Server. Deprecated HTTP headers detected: X-XSS-Protection. Show details.
• Content Security Policy (CSP) Test
  Content-Security-Policy is enforced but configuration issues were identified: directive errors. A report-only Content-Security-Policy is not present. Show details.
• Cookies Privacy and Security Test
  6 cookies detected; XSRF-TOKEN, laravel_session, AWSALBAPP-0, AWSALBAPP-1, AWSALBAPP-2, AWSALBAPP-3 have security or privacy-related configuration issues. Show details.
• External Content Security Test
  39 external requests detected; 2 requests failed. SRI is not used for 12 third-party JavaScript and CSS files. Show details.
• Protection from Data Scraping Test
  No significant anti-scraping protections were detected. Show details.
• DNSSEC Configuration Test
  DNS CNAME record detected; DNSSEC signatures are not present. Show details.