← new scan
~/scans/docs.xquik.com.report
⇣ export pdf
target docs.xquik.com
resolved162.159.143.13
scanned 2026-07-18 10:01:24
modules 7 of 7 completed
// overall risk
HIGH Risk
11 issues across 7 modules — 2 high, 3 medium, 6 low
0 critical
2 high
3 medium
6 low
0 ok
01
WHOIS & DNS
DNS records retrieved — SPF & DMARC present
· LOW
// whois
registrar Cloudflare, Inc.
created 2026-02-19
expires 2027-02-19
updated 2026-06-06
nameserver gabe.ns.cloudflare.com
nameserver lauryn.ns.cloudflare.com
status client transfer prohibited
// dns records
A 172.67.195.116
A 104.21.84.178
AAAA 2606:4700:3033::ac43:c374
AAAA 2606:4700:3037::6815:54b2
www A 172.67.195.116
www A 104.21.84.178
www AAAA 2606:4700:3037::6815:54b2
www AAAA 2606:4700:3033::ac43:c374
MX 10 inbound-smtp.eu-west-1.amazonaws.com
NS GABE.NS.CLOUDFLARE.COM
NS LAURYN.NS.CLOUDFLARE.COM
// ip whois (2)
104.21.84.178 SSL unavailable for this endpoint, order a key at https://members.ip-api.com/ whois ↗
172.67.195.116 SSL unavailable for this endpoint, order a key at https://members.ip-api.com/ whois ↗
// email security
// txt records (5)
txt.01 yandex-verification: 46a7550a9dcd1c77
txt.02 google-site-verification=smTKuZE2yyONGA-NvRTTHUuLaTdi6EIEcN9c0wcSgKY
txt.03 n7tquwapk6
txt.04 openai-domain-verification=dv-YTJAgz6miDFiU2iSOFP55fEl
txt.05 v=MCPv1; k=ed25519; p=Jb7XrBpKa/+b7V/zXtKIPkUt7tYA35GcUXZxQVQ9Rjg=
// findings (6)
  • ok SPF record present
  • ok DMARC record present
  • ok 1 MX record(s) configured
  • · low No CAA records — any certificate authority can issue certs for this domain
  • · low No MTA-STS DNS record at _mta-sts — inbound mail can be downgraded
  • · low No TLS-RPT record at _smtp._tls — no visibility into TLS delivery failures
02
SSL / TLS Certificate
Valid certificate, expires in 33 days — TLSv1.3
· LOW
// raw output
issuer E8
subject docs.xquik.com
valid from May 23 02:04:07 2026 UTC
valid to Aug 21 02:04:06 2026 UTC
tls version TLSv1.3
// findings (3)
  • · low Certificate renews in 33 days — check auto-renewal
  • ok TLS 1.3 in use — best available protocol
  • ok HTTP redirects to HTTPS in 1 hop(s)
03
CMS Detection
No CMS detected
OK
// raw output
cms none detected
// findings (1)
  • ok No known CMS fingerprint found
04
Security Headers
4 of 7 headers missing
HIGH
// raw output
HSTS ok (max-age=63072000)
CSP ok (worker-src * blob: data: 'unsafe-eval' ')
X-Frame-Options ok (DENY)
X-Content-Type-Options MISSING
Referrer-Policy MISSING
Permissions-Policy MISSING
Cross-Origin-Opener MISSING
// findings (9)
  • high X-Content-Type-Options missing — MIME-sniffing possible
  • medium Referrer-Policy missing — leaking referrer data to third parties
  • medium Permissions-Policy missing — browser features not restricted
  • · low Cross-Origin-Opener-Policy not set
  • ok X-Frame-Options is configured
  • ok Content-Security-Policy is configured
  • ok Strict-Transport-Security is configured
  • medium CSP weakness — no default-src or script-src — falls back to permissive defaults
  • · low No /.well-known/security.txt — researchers cannot find a contact for vulnerability reports
05
Raw HTTP Headers
HTTP/3 · 27 headers · cloudflare
OK
// detected
Cloudflare Site is fronted by Cloudflare — WAF, DDoS protection and CDN caching active
HTTP/3 HTTP/3 (QUIC) in use — fastest available protocol, low latency and connection migration
GZIP compression Response is GZIP-compressed — reduces bandwidth usage
// raw headers (27)
status HTTP/3 200
age 7832
date Sat, 18 Jul 2026 10:01:22 GMT
link </llms.txt>; rel="llms-txt", </llms-full.txt>; rel="llms-full-txt", </.well-know…
vary rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch,…
cf-ray a1d0a5099fff125f-ORD
pragma no-cache
server cloudflare
expires 0
location https://docs.xquik.com/api-reference/overview
x-version dpl_7XJVrS6XwhvnXLKutpbpJWypuPG9
x-llms-txt /llms.txt
x-vercel-id cle1::iad1::qnt8l-1784361048656-a714e3d56881
content-type text/html; charset=utf-8
cache-control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
last-modified Sat, 18 Jul 2026 07:50:49 GMT
x-matched-path /_sites/[subdomain]/[[...slug]]
x-vercel-cache MISS
cf-cache-status HIT
x-frame-options DENY
content-encoding gzip
x-served-version dpl_7XJVrS6XwhvnXLKutpbpJWypuPG9
x-vercel-project-id prj_NdMUpHpUIb41Po1H8c6hrChv2bgr
x-mint-proxy-version 1.0.0-prod
content-security-policy worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-…
strict-transport-security max-age=63072000
x-mintlify-client-version 0.0.3278
// findings (4)
  • ok Cloudflare detected (WAF + CDN)
  • ok HTTP/3 enabled — best available
  • ok GZIP compression active
  • ok Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
06
External JS Libraries
No external JS libraries detected
OK
// raw output
external scripts 0 detected
// findings (1)
  • ok No third-party JavaScript files loaded
07
Malware & Blocklists
Threats detected — 1 suspicious indicator(s)
MEDIUM
// raw output
Google Safe Browsing clean
VirusTotal clean
injected scripts 1 detected
malware patterns 1 matches
// findings (3)
  • ok Google Safe Browsing — clean
  • ok VirusTotal — clean
  • high Malware pattern detected: Suspicious setTimeout with redirect
// end of report · docs.xquik.com · 2026-07-18 10:01:24 ↻ scan again