Skip to main content
Favicon of krone.at
Audit report 11:25:10

https://krone.at

Analyse abgeschlossen. 7 Schwachstellen gefunden · Score 57/100.

D 57/100
Security
60 /100
GDPR
Full view · free

Unlock 4 masked findings

4 e-mails · clean PDF report · history

Unlock for free · 30 sec

Sensitive reconnaissance findings

Recon · OSINT 🔒 masked

This section contains sensitive findings (e-mails found, sensitive paths, server versions). For visitors without an account, actual values are masked — only count and status are shown. → Sign in for full view

robots.txt — not present
sitemap.xml — not present
.git directory ✓ protected
Server disclosure ✓ hidden
Sensitive files ✓ none of the 13 checked files reachable
Unprotected e-mail addresses ⚠ 4 visible to spam bots
of●●●@●●●.at bb●●●@●●●.at ku●●●@●●●.at a.●●●@●●●.ru

🔒 4 e-mails readable by spam bots — sign up for free for the full list

Quick Wins — biggest impact

These 3 changes raise your score the most.

+45 points

57 → 100

  1. 1

    No cookie-consent tool i

    +25 ⏱ 2–4 Stunden · aufwändig

    Tracking scripts (analytics, marketing pixels) are loaded, but no consent-management tool was detected. Under GDPR and §165 TKG 2021 this is unlawful — fines up to €20M possible.

  2. 2

    Content-Security-Policy missing i

    +10 ⏱ 30 Minuten · mittel

    No CSP – high XSS risk.

  3. 3

    HTTP is not redirected to HTTPS i

    +10 ⏱ 10 Minuten · leicht

    A request to http://krone.at does return a redirect (301), but it does not lead to HTTPS – it points to http://www.krone.at/. Visitors with old bookmarks or embedded http links stay on the unencrypted connection.

+ 4 more vulnerabilities — see the list below

Scan categories

SSL & HTTPS

Passed ✓

HTTP headers

Issues ✗

DNS & infrastructure

Passed ✓

E-mail protection

Passed ✓

Open ports

Passed ✓

GDPR

Issues ✗

Vulnerabilities found

4 critical 2 medium 1 low
High

No cookie-consent tool

Tracking scripts (analytics, marketing pixels) are loaded, but no consent-management tool was detected. Under GDPR and §165 TKG 2021 this is unlawful — fines up to €20M possible.

+ 6 more vulnerabilities locked

Including action items & fixes — unlock for free

Save this report as PDF

With a free account: full PDF report with screenshot, Quick Wins, all recommendations and step-by-step fixes — perfect to show, archive or pass on to clients.

PDF download Scan history Domain monitoring E-mail alerts Re-scan diff
Sign up for free · 30 sec Already have an account? Sign in →

Terms in this report

Understand what we found — the key concepts behind the findings, briefly explained.

HTTP headers

CSP explained csp

The Content-Security-Policy is the most important browser-side defence against XSS. Learn how a CSP is structured and how to roll …
X-Frame-Options explained x-frame-options

X-Frame-Options prevents clickjacking by controlling whether your site can be embedded in an iframe. Values DENY, SAMEORIGIN and t…
Referrer-Policy explained referrer-policy

The Referrer-Policy controls which information is sent when users click external links. Values, privacy implications and safe defa…
Permissions-Policy explained permissions-policy

The Permissions-Policy selectively disables browser features like geolocation, microphone, camera and FLoC. Structure, all directi…
MIME sniffing & X-Content-Type-Options explained mime-sniffing

X-Content-Type-Options: nosniff prevents browsers from guessing the MIME type of files. Protection against cross-site-scripting an…
→ All 15 glossary articles