Website Security Test of www.windy.com

Executive Summary for www.windy.com

• Web Software Security Test
  One third-party web software dependancy was identified. It appears to be outdated, but no known vulnerabilities were detected. No Content Management System (CMS) was identified. Show details.
• GDPR Compliance Test
  Potential GDPR compliance issues were identified related to Privacy Policy. The following checks were not performed, as no corresponding cookies with personal or tracking information seem to be sent by the website: Cookie Protection, Cookie Disclaimer. Show details.
• PCI DSS Compliance Test
  The website is compliant with PCI DSS Requirement 6.3, while being non-compliant with Requirement 6.4. Show details.
• HTTP Headers Security Test
  Issues were identified with key security headers: missing Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options; misconfigured Content-Security-Policy. An optional HTTP header may not be properly configured: Server. Show details.
• Content Security Policy (CSP) Test
  Content-Security-Policy is enforced but configuration issues were identified: overly permissive directives, directive errors. A report-only Content-Security-Policy is not present. Show details.
• Cookies Privacy and Security Test
  No cookies were detected. Show details.
• External Content Security Test
  40 external requests detected; 1 request failed. Show details.
• Protection from Data Scraping Test
  No significant anti-scraping protections were detected. Show details.
• DNSSEC Configuration Test
  DNS CNAME record detected; DNSSEC signatures are not present. Show details.