Skip to main content
Favicon of o2online.de
Audit report 11:32:51 Cloudflare

https://o2online.de

Analyse abgeschlossen. 4 Schwachstellen gefunden · Score 55/100.

D 55/100
Security
65 /100
GDPR
Full view · free

Unlock full view + PDF report

clean PDF report · history

Unlock for free · 30 sec

Critical findings — act immediately

The following item should be fixed immediately:

  • Critical ports open

    Dangerous services reachable from the internet: 23/Telnet, 21/FTP, 445/SMB, 1433/MSSQL, 1521/Oracle DB, 3306/MySQL, 3389/RDP, 5900/VNC, 5432/PostgreSQL, 6379/Redis, 27017/MongoDB.

Sensitive reconnaissance findings

Recon · OSINT 🔒 masked

This section contains sensitive findings (e-mails found, sensitive paths, server versions). For visitors without an account, actual values are masked — only count and status are shown. → Sign in for full view

robots.txt — not present
sitemap.xml — not present
.git directory ✓ protected
Server disclosure ✓ hidden
Sensitive files ✓ none of the 13 checked files reachable
Unprotected e-mail addresses ✓ none in plain text

Quick Wins — biggest impact

These 3 changes raise your score the most.

+40 points

55 → 95

  1. 1

    Critical ports open i

    +20 ⏱ 30–60 Minuten · mittel

    Dangerous services reachable from the internet: 23/Telnet, 21/FTP, 445/SMB, 1433/MSSQL, 1521/Oracle DB, 3306/MySQL, 3389/RDP, 5900/VNC, 5432/PostgreSQL, 6379/Redis, 27017/MongoDB.

  2. 2

    Insecure cookies i

    +10 ⏱ 15 Minuten · mittel

    Cookies without Secure/HttpOnly/SameSite flags can be stolen. CM_SESSIONID: Secure, HttpOnly, SameSite fehlt; touchPoints: Secure, HttpOnly, SameSite fehlt; cust: Secure, HttpOnly, SameSite fehlt

  3. 3

    X-Frame-Options missing i

    +10 ⏱ 5 Minuten · leicht

    Missing – site is vulnerable to clickjacking.

+ 1 more vulnerabilities — see the list below

Scan categories

SSL & HTTPS

Passed ✓

HTTP headers

Issues ✗

DNS & infrastructure

Issues ✗

E-mail protection

Passed ✓

Open ports

Issues ✗

GDPR

Issues ✗

Vulnerabilities found

2 critical 2 medium
Critical

Critical ports open

Dangerous services reachable from the internet: 23/Telnet, 21/FTP, 445/SMB, 1433/MSSQL, 1521/Oracle DB, 3306/MySQL, 3389/RDP, 5900/VNC, 5432/PostgreSQL, 6379/Redis, 27017/MongoDB.

+ 3 more vulnerabilities locked

Including action items & fixes — unlock for free

Save this report as PDF

With a free account: full PDF report with screenshot, Quick Wins, all recommendations and step-by-step fixes — perfect to show, archive or pass on to clients.

PDF download Scan history Domain monitoring E-mail alerts Re-scan diff
Sign up for free · 30 sec Already have an account? Sign in →

Terms in this report

Understand what we found — the key concepts behind the findings, briefly explained.

HTTP headers

CSP explained csp

The Content-Security-Policy is the most important browser-side defence against XSS. Learn how a CSP is structured and how to roll …
X-Frame-Options explained x-frame-options

X-Frame-Options prevents clickjacking by controlling whether your site can be embedded in an iframe. Values DENY, SAMEORIGIN and t…
Referrer-Policy explained referrer-policy

The Referrer-Policy controls which information is sent when users click external links. Values, privacy implications and safe defa…
Permissions-Policy explained permissions-policy

The Permissions-Policy selectively disables browser features like geolocation, microphone, camera and FLoC. Structure, all directi…
MIME sniffing & X-Content-Type-Options explained mime-sniffing

X-Content-Type-Options: nosniff prevents browsers from guessing the MIME type of files. Protection against cross-site-scripting an…
→ All 15 glossary articles