
Website Security Test
Test your Content Security Policy (CSP), HTTP Security Headers and overall web server security.

Summary of silkmobile.com.pk Website Security Test



FINAL GRADE: A-

DNS INFO

SERVER IP: 61.5.134.70
DATE OF TEST: April 30th 2019, 14:13
REVERSE DNS: www.silkmobile.com.pk
SERVER LOCATION: Karachi

2019 © ImmuniWeb | Website Security Test | https://www.immuniweb.com/websec/?id=sk0hoGIu 1


Web Server Analysis
HTTP RESPONSE: 403 Forbidden
REDIRECT TO: N/A
NPN: N/A
ALPN: No
CONTENT ENCODING: None
SERVER SIGNATURE: Microsoft-IIS/8.5
WAF: No WAF detected
LOCATION: Cyber Internet Services (Pvt) Ltd.

HTTP METHODS ENABLED

GET, HEAD, OPTIONS

Web CMS Security Analysis


A non-intrusive CMS fingerprinting technology thoroughly crawls some parts of the CMS to fingerprint its version in the most accurate
manner:

FINGERPRINTED CMS & VULNERABILITIES


No CMS was detected

FINGERPRINTED COMPONENTS & VULNERABILITIES


No components were detected



HTTP Headers Security Analysis

Some HTTP headers related to security and privacy are missing or misconfigured. Misconfiguration or weakness

MISSING REQUIRED HTTP HEADERS

X-XSS-Protection, Expect-CT, Feature-Policy

MISSING OPTIONAL HTTP HEADERS

Access-Control-Allow-Origin, Public-Key-Pins, Public-Key-Pins-Report-Only, Expect-Staple

SERVER

The web server discloses its version, potentially facilitating further attacks against it. Misconfiguration or weakness

Raw HTTP Header

Server: Microsoft-IIS/8.5

X-POWERED-BY

Web server does not disclose its version. Good configuration

Raw HTTP Header

X-Powered-By: ASP.NET

STRICT-TRANSPORT-SECURITY

The header is properly set. Good configuration

Raw HTTP Header

Strict-Transport-Security: max-age=31536000

Directives

Name Description

max-age Sets the time browsers must enforce the use of HTTPS to browse the website.

X-FRAME-OPTIONS

The header is properly set. Good configuration

Raw HTTP Header

X-Frame-Options: DENY



X-CONTENT-TYPE-OPTIONS

The header is properly set. Good configuration

Raw HTTP Header

X-Content-Type-Options: nosniff

Content Security Policy Analysis


CONTENT-SECURITY-POLICY

The header was not sent by the server. Misconfiguration or weakness

CONTENT-SECURITY-POLICY-REPORT-ONLY

The header was not sent by the server. Information



Cookies Security Analysis

No cookies were sent by the web application. Information



GDPR Security Analysis


Assessment of compliance with GDPR may be time consuming and requires consent of the website owner.
Please try ImmuniWeb® On-Demand for GDPR compliance audit.

PCI DSS Security Analysis


If the website falls into a CDE (Cardholder Data Environment) scope, the following Requirements of PCI DSS may apply:

REQUIREMENT 6.2

The web software and its components on the website cannot be fingerprinted. Make sure they are up to date. Information

REQUIREMENT 6.5

No publicly known vulnerabilities seem to be present in the fingerprinted versions of web software used on the website. Good configuration

REQUIREMENT 6.6

No WAF was detected on the website. Implement and test a WAF to protect the website against the most common web attacks. Misconfiguration or weakness
