← new scan
~/scans/dashboard.xquik.com.report
⇣ export pdf
target dashboard.xquik.com
resolved104.21.84.178
scanned 2026-07-18 10:01:21
modules 7 of 7 completed
// overall risk
MEDIUM Risk
8 issues across 7 modules — 3 medium, 5 low
0 critical
0 high
3 medium
5 low
0 ok
01
WHOIS & DNS
DNS records retrieved — SPF & DMARC present
· LOW
// whois
registrar Cloudflare, Inc.
created 2026-02-19
expires 2027-02-19
updated 2026-06-06
nameserver gabe.ns.cloudflare.com
nameserver lauryn.ns.cloudflare.com
status client transfer prohibited
// dns records
A 104.21.84.178
A 172.67.195.116
AAAA 2606:4700:3033::ac43:c374
AAAA 2606:4700:3037::6815:54b2
www A 104.21.84.178
www A 172.67.195.116
www AAAA 2606:4700:3037::6815:54b2
www AAAA 2606:4700:3033::ac43:c374
MX 10 inbound-smtp.eu-west-1.amazonaws.com
NS GABE.NS.CLOUDFLARE.COM
NS LAURYN.NS.CLOUDFLARE.COM
// ip whois (2)
104.21.84.178 SSL unavailable for this endpoint, order a key at https://members.ip-api.com/ whois ↗
172.67.195.116 SSL unavailable for this endpoint, order a key at https://members.ip-api.com/ whois ↗
// email security
// txt records (5)
txt.01 yandex-verification: 46a7550a9dcd1c77
txt.02 google-site-verification=smTKuZE2yyONGA-NvRTTHUuLaTdi6EIEcN9c0wcSgKY
txt.03 n7tquwapk6
txt.04 openai-domain-verification=dv-YTJAgz6miDFiU2iSOFP55fEl
txt.05 v=MCPv1; k=ed25519; p=Jb7XrBpKa/+b7V/zXtKIPkUt7tYA35GcUXZxQVQ9Rjg=
// findings (6)
  • ok SPF record present
  • ok DMARC record present
  • ok 1 MX record(s) configured
  • · low No CAA records — any certificate authority can issue certs for this domain
  • · low No MTA-STS DNS record at _mta-sts — inbound mail can be downgraded
  • · low No TLS-RPT record at _smtp._tls — no visibility into TLS delivery failures
02
SSL / TLS Certificate
Valid certificate, expires in 59 days — TLSv1.3
· LOW
// raw output
issuer YE2
subject xquik.com
valid from Jun 17 15:19:25 2026 UTC
valid to Sep 15 15:19:24 2026 UTC
tls version TLSv1.3
// findings (3)
  • · low Certificate renews in 59 days — check auto-renewal
  • ok TLS 1.3 in use — best available protocol
  • ok HTTP redirects to HTTPS in 3 hop(s)
03
CMS Detection
No CMS detected
OK
// raw output
cms none detected
// findings (1)
  • ok No known CMS fingerprint found
04
Security Headers
All 7 security headers present
MEDIUM
// raw output
HSTS ok (max-age=31536000; includeSubDomains; pre)
CSP ok (default-src 'self'; script-src 'self' 'u)
X-Frame-Options ok (DENY)
X-Content-Type-Options ok (nosniff)
Referrer-Policy ok (strict-origin-when-cross-origin)
Permissions-Policy ok (camera=(), microphone=(), geolocation=())
Cross-Origin-Opener ok (same-origin)
// findings (9)
  • ok Referrer-Policy is configured
  • ok X-Frame-Options is configured
  • ok Permissions-Policy is configured
  • ok X-Content-Type-Options is configured
  • ok Content-Security-Policy is configured
  • ok Strict-Transport-Security is configured
  • ok Cross-Origin-Opener-Policy is configured
  • medium CSP weakness — 'unsafe-inline' in script-src — defeats most XSS protection
  • ok /.well-known/security.txt is present (RFC 9116)
05
Raw HTTP Headers
HTTP/3 · 23 headers · cloudflare
MEDIUM
// detected
Cloudflare Site is fronted by Cloudflare — WAF, DDoS protection and CDN caching active
HTTP/3 HTTP/3 (QUIC) in use — fastest available protocol, low latency and connection migration
Cookie flags missing 2 of 2 cookie(s) missing security flags
// raw headers (23)
status HTTP/3 200
nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
date Sat, 18 Jul 2026 10:01:17 GMT
link <https://dashboard.xquik.com/en/login>; rel="alternate"; hreflang="en", <https:/…
vary rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch,…
cf-ray a1d0a4ebbcf935ac-ORD
server cloudflare
alt-svc h3=":443"; ma=86400
location https://dashboard.xquik.com/en/login?redirect=%2Fdashboard
report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare…
set-cookie NEXT_LOCALE=en; Path=/; Expires=Sun, 18 Jul 2027 10:01:17 GMT; Max-Age=31536000;…
content-type text/html; charset=utf-8
x-powered-by Next.js
x-robots-tag noindex, nofollow
cache-control private, no-cache, no-store, max-age=0, must-revalidate
cf-cache-status DYNAMIC
referrer-policy strict-origin-when-cross-origin
x-frame-options DENY
permissions-policy camera=(), microphone=(), geolocation=()
x-content-type-options nosniff
content-security-policy default-src 'self'; script-src 'self' 'unsafe-inline' https://js.stripe.com http…
strict-transport-security max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy same-origin
// findings (6)
  • ok Cloudflare detected (WAF + CDN)
  • ok HTTP/3 enabled — best available
  • · low No response compression detected — consider enabling GZIP or Brotli
  • ok Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
  • medium Cookie NEXT_LOCALE (missing: HttpOnly)
  • medium Cookie NEXT_LOCALE (missing: HttpOnly)
06
External JS Libraries
No external JS libraries detected
OK
// raw output
external scripts 0 detected
// findings (1)
  • ok No third-party JavaScript files loaded
07
Malware & Blocklists
Clean — not present on any monitored blocklist
OK
// raw output
Google Safe Browsing clean
VirusTotal clean
injected scripts 0 detected
malware patterns 0 matches
// findings (3)
  • ok Google Safe Browsing — clean
  • ok VirusTotal — clean
  • ok No malware signatures found across monitored blocklists
// end of report · dashboard.xquik.com · 2026-07-18 10:01:21 ↻ scan again