ImmuniWeb® Community | Website Security Test
2020 © ImmuniWeb® Community | Website Security Test | https://www.immuniweb.com/websec/?id=L4RelbPA

Summary of suite.beta.cashify.in [Desktop Version] Website Security Test

FINAL GRADE: C
Web Software Found: 2
Web Software Outdated: 0
Web Software Vulnerabilities: 0

DNS SERVER IP: 3.7.116.247
REVERSE DNS: ec2-3-7-116-247.ap-south-1.compute...
CLIENT: Desktop Browser
DATE OF TEST: November 27th 2020, 11:25
SERVER LOCATION: Fairfield

Web Server Security

HTTP RESPONSE: 200 OK
REDIRECT TO: N/A
NPN: H2 HTTP/1.1
ALPN: H2
CONTENT ENCODING: GZIP
SERVER SIGNATURE: nginx/1.18.0 Ubuntu
WAF: No WAF detected
LOCATION: N/A
HTTP METHODS ENABLED: GET HEAD

Software Security Analysis

FINGERPRINTED CMS & VULNERABILITIES
  Information: No CMS were fingerprinted on the website.

FINGERPRINTED CMS COMPONENTS & VULNERABILITIES
  Drift-zoom 1.4.1
    The fingerprinted component version is up2date, no security issues were found.
  Json2 20160511
    The fingerprinted component version is up2date, no security issues were found.

GDPR Compliance Analysis

If the website processes or stores any PII of EU residents, the following requirements of EU GDPR may apply:

PRIVACY POLICY
  Misconfiguration or weakness: Privacy Policy was not found on the website or is not easily accessible.
WEBSITE SOFTWARE SECURITY
  Good configuration: No vulnerabilities found in the website CMS or its components.
SSL/TLS TRAFFIC ENCRYPTION
  Good configuration: SSL/TLS encryption seems to be present.
COOKIE CONFIGURATION
  Information: No cookies with potentially sensitive information seem to be sent.
COOKIES DISCLAIMER
  Information: No cookies with potentially sensitive or tracking information seem to be sent.

PCI DSS Compliance Analysis

If the website falls into a CDE (Cardholder Data Environment) scope, the following Requirements of PCI DSS may apply:

REQUIREMENT 6.2
  Good configuration: Website CMS and its components seem to be up2date. Implement continuous monitoring for new security updates.
REQUIREMENT 6.5
  Good configuration: No publicly known vulnerabilities seem to be present in the fingerprinted versions the website CMS and its components.
REQUIREMENT 6.6
  Misconfiguration or weakness: No WAF was detected on the website. Implement a WAF to protect the website against common web attacks.

HTTP Headers Security Analysis

Misconfiguration or weakness: Some HTTP headers related to security and privacy are missing or misconfigured.

MISSING REQUIRED HTTP HEADERS / MISSING OPTIONAL HTTP HEADERS
  Strict-Transport-Security
  X-Frame-Options
  X-XSS-Protection
  X-Content-Type-Options
  Expect-CT
  Access-Control-Allow-Origin
  Public-Key-Pins
  Public-Key-Pins-Report-Only
  Permissions-Policy

SERVER
  Misconfiguration or weakness: The web server discloses its version, potentially facilitating further attacks against it.
  Raw HTTP Header: Server: nginx/1.18.0 (Ubuntu)

Content Security Policy Hardening

CONTENT-SECURITY-POLICY
  Misconfiguration or weakness: The header was not sent by the server.
CONTENT-SECURITY-POLICY-REPORT-ONLY
  Information: The header was not sent by the server.

Cookies Security Analysis

Information: No cookies were sent by the web application.

External Content Analysis

Information: No external content found on tested page.