← new scan
~/scans/wrong.host.badssl.com.report
⇣ export pdf
target wrong.host.badssl.com
resolved104.154.89.105
scanned 2026-07-18 10:01:59
modules 7 of 7 completed
// overall risk
HIGH Risk
17 issues across 7 modules — 2 high, 6 medium, 9 low
0 critical
2 high
6 medium
9 low
0 ok
01
WHOIS & DNS
DNS records retrieved — email policy issues found
MEDIUM
02
SSL / TLS Certificate
Valid certificate, expires in 37 days — TLSv1.2
· LOW
03
CMS Detection
No CMS detected
OK
04
Security Headers
7 of 7 headers missing
HIGH
// raw output
HSTS MISSING
CSP MISSING
X-Frame-Options MISSING
X-Content-Type-Options MISSING
Referrer-Policy MISSING
Permissions-Policy MISSING
Cross-Origin-Opener MISSING
// findings (8)
  • medium HSTS not set — browsers may allow HTTP connections
  • high X-Content-Type-Options missing — MIME-sniffing possible
  • high X-Frame-Options missing — clickjacking attacks possible
  • medium Referrer-Policy missing — leaking referrer data to third parties
  • medium Content-Security-Policy missing — site exposed to XSS injection
  • medium Permissions-Policy missing — browser features not restricted
  • · low Cross-Origin-Opener-Policy not set
  • · low No /.well-known/security.txt — researchers cannot find a contact for vulnerability reports
05
Raw HTTP Headers
HTTP/1.1 · 9 headers · nginx/1.10.3 (Ubuntu)
MEDIUM
06
External JS Libraries
No external JS libraries detected
OK
07
Malware & Blocklists
Clean — not present on any monitored blocklist
OK
// end of report · wrong.host.badssl.com · 2026-07-18 10:01:59 ↻ scan again