https://tuwien.at
Analyse abgeschlossen. 5 Schwachstellen gefunden · Score 40/100.
Unlock full view + PDF report
clean PDF report · history
Critical findings — act immediately
The following item should be fixed immediately:
-
SSL certificate expires in 13 days
Once the certificate expires, the site becomes unreachable for visitors (browser warning). Renew immediately.
Sensitive reconnaissance findings
Recon · OSINT 🔒 maskedThis section contains sensitive findings (e-mails found, sensitive paths, server versions). For visitors without an account, actual values are masked — only count and status are shown. → Sign in for full view
Quick Wins — biggest impact
These 3 changes raise your score the most.
40 → 80
-
1
SSL certificate expires in 13 days
+20 ⏱ 5 Minuten · leichtOnce the certificate expires, the site becomes unreachable for visitors (browser warning). Renew immediately.
-
2
Content-Security-Policy missing i CSP Content-Security-Policy: defines which sources may load scripts, images and styles. The most effective defence against Cross-Site-Scripting (XSS) — attackers can no longer inject foreign code.
+10 ⏱ 30 Minuten · mittelNo CSP – high XSS risk.
-
3
TYPO3: CVE-2024-34356 (High)
+10 ⏱ 30–60 Minuten · mittelFehlende Zugriffskontrolle im Backend ermöglicht Privilege Escalation
+ 2 more vulnerabilities — see the list below
Scan categories
SSL & HTTPS
Passed ✓
HTTP headers
Issues ✗
DNS & infrastructure
Passed ✓
E-mail protection
Issues ✗
Open ports
Passed ✓
GDPR
Passed ✓
Vulnerabilities found
SSL certificate expires in 13 days
Once the certificate expires, the site becomes unreachable for visitors (browser warning). Renew immediately.
+ 4 more vulnerabilities locked
Including action items & fixes — unlock for free
Save this report as PDF
With a free account: full PDF report with screenshot, Quick Wins, all recommendations and step-by-step fixes — perfect to show, archive or pass on to clients.
Terms in this report
Understand what we found — the key concepts behind the findings, briefly explained.
SSL & TLS
How SSL/TLS certificates work, how the handshake unfolds and what to watch for when checking — explained in plain English.
HSTS (Strict-Transport-Security) forces browsers permanently to HTTPS. Learn how the header is built, what includeSubDomains and p…
CAA records define which certificate authorities are allowed to issue SSL certificates for your domain. Protection against mis-iss…
DMARC protects your domain from e-mail spoofing. Learn how the record is structured, what p=none/quarantine/reject mean and how to…
SPF (Sender Policy Framework) prevents foreign servers from sending e-mails under your domain name. Structure, mechanisms and best…
DKIM signs your outgoing e-mails cryptographically — the recipient can reliably verify a mail came from you. Structure, selectors …
HTTP headers
The Content-Security-Policy is the most important browser-side defence against XSS. Learn how a CSP is structured and how to roll …
X-Frame-Options prevents clickjacking by controlling whether your site can be embedded in an iframe. Values DENY, SAMEORIGIN and t…
The Referrer-Policy controls which information is sent when users click external links. Values, privacy implications and safe defa…
The Permissions-Policy selectively disables browser features like geolocation, microphone, camera and FLoC. Structure, all directi…
X-Content-Type-Options: nosniff prevents browsers from guessing the MIME type of files. Protection against cross-site-scripting an…
Frontend & APIs
SRI protects external JavaScript and CSS files against tampering on the CDN. Hash-based integrity verification in the browser — ex…
Cross-Origin Resource Sharing controls which foreign sites may call your APIs. Same-Origin policy, preflight requests and the key …
Secure, HttpOnly and SameSite — the three most important cookie flags and what they do. How to harden sessions against XSS, MITM a…