Website Security Test of www.spotlight.com

Executive Summary for www.spotlight.com

• Web Software Security Test
  8 third-party web software dependancies were identified, including 4 outdated dependancies. A total of 3 known vulnerabilities were detected. 3 identified third-party web software dependancies have unknown versions. The CMS (WordPress) was identified, however, its version could not be determined. The following CMS components, JS-libraries or frameworks were identified: jquery, bootstrap, core-js, and others. Software fingerprinting may be restricted by the system, so the results could be incomplete. Show details.
• GDPR Compliance Test
  Potential GDPR compliance issues were identified related to Website Security. Website Security check may be incomplete due to a scanning timeout. Show details.
• PCI DSS Compliance Test
  Potential PCI DSS compliance issues were identified related to Requirements 6.3 and 6.4. Show details.
• HTTP Headers Security Test
  Issues were identified with key security headers: missing Strict-Transport-Security, Content-Security-Policy, X-Frame-Options. An optional HTTP header may not be properly configured: Report-To. Show details.
• Content Security Policy (CSP) Test
  Content-Security-Policy headers are not present. Show details.
• Cookies Privacy and Security Test
  One detected cookie appears to be properly configured from a security perspective. Show details.
• External Content Security Test
  27 external requests detected; 5 requests failed. SRI is implemented for 3 out of 16 third-party JavaScript and CSS files. Show details.
• Protection from Data Scraping Test
  No significant anti-scraping protections were detected. Show details.
• DNSSEC Configuration Test
  DNS CNAME record detected; DNSSEC signatures are not present. Show details.