Website Security Test of websec.nu

Executive Summary for websec.nu

• Web Software Security Test
  7 third-party web software dependancies were identified, including 4 outdated dependancies. No known vulnerabilities were detected. One identified third-party web software dependancy has an unknown version. The identified CMS (WordPress) appears to be up to date. The following CMS components, JS-libraries or frameworks were identified: GDPR Cookie Consent, LiteSpeed Cache, react, and others. Software fingerprinting may be restricted by the system, so the results could be incomplete. Show details.
• GDPR Compliance Test
  No obvious GDPR-related compliance issues were detected across Privacy Policy, Website Security, TLS Encryption, Cookie Protection, Cookie Disclaimer. Website Security check may be incomplete due to a scanning timeout. Show details.
• PCI DSS Compliance Test
  No obvious PCI DSS compliance issues were detected for Requirements 6.3 and 6.4. Show details.
• HTTP Headers Security Test
  Issues were identified with key security header misconfigured Content-Security-Policy. An optional HTTP header may not be properly configured: Content-Security-Policy-Report-Only. Deprecated HTTP headers detected: X-XSS-Protection. Show details.
• Content Security Policy (CSP) Test
  Content-Security-Policy is enforced but configuration issues were identified: directive errors. The report-only Content-Security-Policy contains issues: overly permissive directives, directive errors, deprecated directives. Show details.
• Cookies Privacy and Security Test
  No cookies were detected. Show details.
• External Content Security Test
  No external requests were detected. Show details.
• Protection from Data Scraping Test
  1 User-Agent block and 1 bot protection mechanism detected. No protection detected via robots.txt rules or meta restrictions. Show details.
• DNSSEC Configuration Test
  DNS A record detected; DNSSEC signatures are present and fully validated. Show details.