Website Security Test of www.amazon.in

Executive Summary for www.amazon.in

• Web Software Security Test
  4 third-party web software dependancies were identified, including 4 outdated dependancies. A total of 7 known vulnerabilities were detected. One identified third-party web software dependancy has an unknown version. No Content Management System (CMS) was identified. The following CMS components, JS-libraries or frameworks were identified: jquery, ua-parser-js, core-js, and others. Show details.
• GDPR Compliance Test
  Potential GDPR compliance issues were identified related to Website Security. Show details.
• PCI DSS Compliance Test
  Potential PCI DSS compliance issues were identified related to Requirements 6.3 and 6.4. Show details.
• HTTP Headers Security Test
  Issues were identified with key security headers: misconfigured Strict-Transport-Security, Content-Security-Policy. An optional HTTP header may not be properly configured: Content-Security-Policy-Report-Only. Deprecated HTTP headers detected: X-XSS-Protection. Show details.
• Content Security Policy (CSP) Test
  Content-Security-Policy is enforced but configuration issues were identified: overly permissive directives, deprecated directives, directive errors. The report-only Content-Security-Policy contains issues: directive errors, overly permissive directives, deprecated directives. Show details.
• Cookies Privacy and Security Test
  3 cookies detected; session-id, session-id-time, i18n-prefs have security or privacy-related configuration issues. Show details.
• External Content Security Test
  303 external requests detected; all requests completed successfully. SRI is not used for 23 third-party JavaScript and CSS files. Show details.
• Protection from Data Scraping Test
  No significant anti-scraping protections were detected. Show details.
• DNSSEC Configuration Test
  DNS CNAME record detected; DNSSEC signatures are not present. Show details.