https://help.gv.at
Analyse abgeschlossen. 3 Schwachstellen gefunden · Score 80/100.
Unlock 2 masked findings
1 e-mails · Server version · clean PDF report · history
Sensitive reconnaissance findings
Recon · OSINT 🔒 maskedThis section contains sensitive findings (e-mails found, sensitive paths, server versions). For visitors without an account, actual values are masked — only count and status are shown. → Sign in for full view
Server: Apache/●●●●●
X-Powered-By: Next.js/●●●●●
🔒 Server version reveals concrete vulnerabilities — sign up for free for full view
ma●●●@●●●.com
🔒 1 e-mails readable by spam bots — sign up for free for the full list
Quick Wins — biggest impact
These 3 changes raise your score the most.
80 → 100
-
1
No SPF record i SPF Sender Policy Framework: DNS record that defines which servers are allowed to send e-mail on behalf of your domain. The most important baseline protection against e-mail spoofing.
+15 ⏱ 10 Minuten · leichtAnyone can send e-mails on behalf of this domain.
-
2
1 unprotected e-mail address(es) on the page
+3 ⏱ 15-30 Minuten · mittelSpam bots and scrapers find these addresses automatically in under a second:
max.mustermann@mail.com -
3
Server version disclosure
+2 ⏱ 5 Minuten · leichtThe server reveals software versions:
X-Powered-By: Next.js. Helps attackers look up known exploits for this exact version.
Scan categories
SSL & HTTPS
Passed ✓
HTTP headers
Issues ✗
DNS & infrastructure
Passed ✓
E-mail protection
Issues ✗
Open ports
Passed ✓
GDPR
Passed ✓
Vulnerabilities found
No SPF record
Anyone can send e-mails on behalf of this domain.
+ 2 more vulnerabilities locked
Including action items & fixes — unlock for free
Save this report as PDF
With a free account: full PDF report with screenshot, Quick Wins, all recommendations and step-by-step fixes — perfect to show, archive or pass on to clients.
Terms in this report
Understand what we found — the key concepts behind the findings, briefly explained.
SSL & TLS
How SSL/TLS certificates work, how the handshake unfolds and what to watch for when checking — explained in plain English.
HSTS (Strict-Transport-Security) forces browsers permanently to HTTPS. Learn how the header is built, what includeSubDomains and p…
CAA records define which certificate authorities are allowed to issue SSL certificates for your domain. Protection against mis-iss…
DMARC protects your domain from e-mail spoofing. Learn how the record is structured, what p=none/quarantine/reject mean and how to…
SPF (Sender Policy Framework) prevents foreign servers from sending e-mails under your domain name. Structure, mechanisms and best…
DKIM signs your outgoing e-mails cryptographically — the recipient can reliably verify a mail came from you. Structure, selectors …
HTTP headers
The Content-Security-Policy is the most important browser-side defence against XSS. Learn how a CSP is structured and how to roll …
X-Frame-Options prevents clickjacking by controlling whether your site can be embedded in an iframe. Values DENY, SAMEORIGIN and t…
The Referrer-Policy controls which information is sent when users click external links. Values, privacy implications and safe defa…
The Permissions-Policy selectively disables browser features like geolocation, microphone, camera and FLoC. Structure, all directi…
X-Content-Type-Options: nosniff prevents browsers from guessing the MIME type of files. Protection against cross-site-scripting an…
Frontend & APIs
SRI protects external JavaScript and CSS files against tampering on the CDN. Hash-based integrity verification in the browser — ex…
Cross-Origin Resource Sharing controls which foreign sites may call your APIs. Same-Origin policy, preflight requests and the key …
Secure, HttpOnly and SameSite — the three most important cookie flags and what they do. How to harden sessions against XSS, MITM a…