Vulnerability Scan
Security vulnerabilities and misconfiguration detection
- Critical Issues: 0 (No Critical Threats)
- Medium Risk: 3 (+1 from last scan)
- Low Risk / Info: 5 (-2 from last scan)
- Tests Passed: 12 (80% Pass Rate)
Detected Vulnerabilities
| Severity | Vulnerability | Details | Category | Status |
|---|---|---|---|---|
| Medium | Missing Security Headers | X-Frame-Options and X-Content-Type-Options headers not set | HTTP Security | Open |
| Medium | Weak SSL/TLS Configuration | TLS 1.0 and 1.1 still enabled on server | Encryption | Open |
| Medium | Directory Listing Enabled | /uploads/ directory allows browsing of files | Configuration | Open |
| Low | Server Version Disclosure | Server header reveals software version information | Information Leak | Open |
| Low | Missing Referrer-Policy | No Referrer-Policy header configured | Privacy | Open |
Vulnerability Scan Categories
| Category | Status | Summary |
|---|---|---|
| SSL/TLS Configuration | Passed | Certificate valid, HTTPS enforced |
| Security Headers | Needs Attention | Missing critical security headers |
| Authentication | Secure | Strong password policies enforced |
| Information Disclosure | Minor Issues | Some version info exposed |
| Injection Vulnerabilities | Protected | No SQL injection or XSS found |
| Server Configuration | Review Needed | Some misconfigurations detected |
How to Add Security Headers
- Access your web server configuration file (Apache: .htaccess or httpd.conf, Nginx: nginx.conf).
- Add the following security headers to protect against common attacks:

```apache
# Apache
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
```

- For Nginx, use the add_header directive:

```nginx
# Nginx
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
```

- If using a CDN or cloud service (Cloudflare, AWS), configure headers through their dashboard.
- Test your headers using securityheaders.com or similar tools.
- Restart your web server to apply the changes.
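The following is an added example, not part of this scan report or of any scanner's code, showing how the header findings in the table above can be reproduced against a raw HTTP response: it parses the response head and flags the headers the how-to adds when they are missing or carry a weak directive, plus a Server header that discloses a version. The severity per header and the accepted directive sets are this example's assumptions, taken from the findings table; the sample response is constructed.

```python
import re

# Checks that reproduce the header findings in the scan table above; the
# severity assigned to each header is this example's assumption from that table.
HEADER_CHECKS = [
    # (header, accepted directives in lower case, severity when missing or weak)
    ("X-Frame-Options", {"deny", "sameorigin"}, "Medium"),
    ("X-Content-Type-Options", {"nosniff"}, "Medium"),
    ("Referrer-Policy", {"no-referrer", "same-origin", "strict-origin",
                         "strict-origin-when-cross-origin"}, "Low"),
]
VERSION_RE = re.compile(r"\d+\.\d+")  # e.g. "nginx/1.18.0" or "Apache/2.4.41"


def parse_response_head(raw: str) -> dict:
    """Parse a raw HTTP response head into a lower-cased header map."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_headers(headers: dict) -> list:
    """Return (severity, finding) pairs for one response's headers."""
    findings = []
    for name, accepted, severity in HEADER_CHECKS:
        value = headers.get(name.lower())
        if value is None:
            findings.append((severity, f"Missing {name} header"))
        elif value.split(";")[0].strip().lower() not in accepted:
            findings.append((severity, f"Weak {name} value: {value}"))
    server = headers.get("server", "")
    if VERSION_RE.search(server):
        findings.append(("Low", f"Server header discloses version: {server}"))
    return findings


# Constructed sample response (not captured from any real server).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.18.0\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n<html></html>"
)

if __name__ == "__main__":
    for severity, finding in audit_headers(parse_response_head(SAMPLE_RESPONSE)):
        print(f"[{severity}] {finding}")
```

Run it against the head of a real response (for example the output of a curl -I call) after applying the configuration above; an empty findings list means the headers in the table are now set.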
Security Headers Explained
- X-Frame-Options: Prevents clickjacking attacks
- X-Content-Type-Options: Prevents MIME type sniffing
- X-XSS-Protection: Enables browser XSS filtering
- Strict-Transport-Security: Forces HTTPS connections (HSTS)
- Content-Security-Policy: Controls resource loading sources
- Referrer-Policy: Controls referrer information sharing
Security Best Practices
- Regular Scans: Run vulnerability scans weekly
- Keep Updated: Update software and dependencies regularly
- Principle of Least Privilege: Minimize permissions and access rights
- Input Validation: Sanitize and validate all user inputs
- Security Monitoring: Implement logging and alerting systems