SHOWING RESULTS FOR
http://shop.flora-apotheke.de/

SCAN #10 LAST SCAN  2018-12-05 @ 05:27 – 05:27

Take this with a grain of salt! Some of our checks may report wrong results. BETA

AVAILABLE FOR RE-SCAN

Download Results as JSON

ANALYZED URL AFTER LOADING:
http://shop.flora-apotheke.de/

ANALYZED MAIL SERVER:
mail.flora-apotheke.de

SCAN ERROR:

  • Retrieving http://shop.flora-apotheke.de/ resulted in an HTTP error. Either the URL is invalid or the server is misconfigured. Status code: ERROR 503: Service Temporarily Unavailable.
  • Retrieving https://shop.flora-apotheke.de/ resulted in an HTTP error. The URL may be invalid, the server may be misconfigured, or the server does not expect HTTPS connections via this URL. Status code: ERROR 503: Service Temporarily Unavailable.

What is this? This page shows the result of a machine-generated analysis of a specific website, which was commissioned by a PrivacyScore user. During the analysis it was checked whether the privacy of the visitors is protected on a technical level as well as possible when visiting the given internet addresses, and whether the operator uses common security mechanisms on the website. This can indicate how seriously an operator takes data protection. However, it is not possible to determine the actual security level achieved.  More details please!

NoTrack: No Tracking by Website and Third Parties

Sometimes, a scan can go wrong and not deliver any results. This check tests if the scan of the website using the OpenWPM tool succeeded.

Scan Module: OpenWPM

Further reading:

Result wrong?  report error

We obtain the IP addresses of the domain and look up its country in a GeoIP database. It is believed that personal data is protected better, if a website is hosted in a country that implements the European General Data Protection Directive (GDPR). We plan to offer more flexible geo-location tests in the future.

Conditions for passing: The test passes if all IP addresses (A records) are found to be in countries that implement the GDPR.

Reliability: unreliable. We perform a single DNS lookup for the A records of the domain name of the respective site. Due to DNS round robin configurations, we may not see all IP addresses that are actually used by a site. Furthermore, if the site uses content delivery networks or anycasting the set of addresses we observe may differ from the set for other users. We look up the IP addresses within a local copy of a GeoIP database. We use the GeoLite2 data created by MaxMind, available from http://www.maxmind.com.

Potential scan errors: The result may be incorrect for the following reasons. First, we may miss some IP addresses and therefore our results may be incomplete (causing the test to pass while it shouldn’t). Second, we may see a set of IP addresses that is biased due to the location of our scanning servers (all of them are currently in Germany), which may again cause the test to pass while it shouldn’t. Therefore, the results may be wrong for users located in other countries. Third, the determination of the geo-location of IP addresses is known to be imperfect. This may cause the test to fail or succeed where it shouldn’t.

Scan module: network

Further reading:

Result wrong?  report error

We obtain the IP addresses of the mail server record(s) associated with the domain and look up its country in a GeoIP database. It is believed that personal data is protected better, if a website is hosted in a country that implements the European General Data Protection Directive (GDPR). We plan to offer more flexible geo-location tests in the future.

Conditions for passing: The test passes if all IP addresses associated with the MX records are found to be in countries that implement the GDPR. This test is neutral if there are no MX records.

Reliability: unreliable. We perform a single DNS lookup for the MX records of the domain name of the respective site. Then we obtain all A records of each MX record. Due to DNS round robin configurations, we may not see all IP addresses that are actually used by a site. Furthermore, if the site uses content delivery networks or anycasting the set of addresses we observe may differ from the set for other users. We look up the IP addresses within a local copy of a GeoIP database. We use the GeoLite2 data created by MaxMind, available from http://www.maxmind.com. Finally, we only check mail servers found in MX records. Therefore, we miss sites where the domain does not have MX records, but mail is directly handled by a mail server running on the IP address given by its A record.

Potential scan errors: The result may be incorrect for the following reasons. First, we may miss some IP addresses and therefore our results may be incomplete (causing the test to pass while it shouldn’t). Second, we may see a set of IP addresses that is biased due to the location of our scanning servers (all of them are currently in Germany), which may again cause the test to pass while it shouldn’t. Therefore, the results may be wrong for users located in other countries. Third, the determination of the geo-location of IP addresses is known to be imperfect. This may cause the test to fail or succeed where it shouldn’t.

Scan module: network

Further reading:

Result wrong?  report error

Some site owners outsource hosting of mail or web servers to specialized operators that are located in a foreign country. Some users may find it surprising that web and mail traffic is not handled in the same fashion and in one of the two cases their traffic is transferred to a foreign country.

Conditions for passing: Test passes if the set of countries where the web servers are located matches the set of countries where the mail servers associated with the domain are located. If there are no MX records this test is neutral.

Reliability: unreliable. See GEOMAIL check.

Potential scan errors: See GEOMAIL check. This check may wrongly be recorded as "failed", if one of the servers is found to be located in the country "Europe", which is due to peculiarities of how MaxMind records geolocations.

Scan module: network

Further reading:

Result wrong?  report error

EncWeb: Encryption of Web Traffic

HTTPS is a critical building block in website security. This check tests if the web server offers users the option to connect via HTTPS.

Conditions for passing: Test fails if the server does not offer HTTPS.

Reliability: unreliable.

Potential scan errors: If the server employs tarpitting the testssl check fails.

Scan Module: OpenWPM

Result wrong?  report error

To protect their users, websites offering HTTPS should automatically redirect visitors to the secure version of the website if they visit the unsecured version, as users cannot be expected to change the address by hand. This test verifies that this is the case. If the browser is redirected to a secure URL, all other HTTPS tests use the final URL.

Conditions for passing: Test passes if the server automatically redirects the browser to an HTTPS URL when the browser requests a HTTP URL. Neutral if the given URL is already an HTTPS URL.

Reliability: reliable.

Potential scan errors: If users are redirected to the HTTPS version using JavaScript, this test may not detect it.
Scan Module: OpenWPM

Result wrong?  report error

Some servers offer HTTPS, but will forward users back to the insecure version of the website when they attempt to use it.

Conditions for passing: Test fails if the server automatically redirects the browser to an HTTP URL when the browser requests a HTTPS URL. Neutral if the server does not support HTTPS.

Reliability: reliable.

Potential scan errors: If users are redirected to the HTTP version using JavaScript, this test may not detect it.
Scan Module: OpenWPM

Result wrong?  report error

Attacks: Protection Against Various Attacks

Web servers may be configured incorrectly and expose private information on the public internet. This test looks for a series of common mistakes: Exposing the "server-status" or "server-info" pages of the web server, common debugging files that may have been forgotten on the server, and the presence of version control system files from the Git or SVN systems, which may contain private or security-critical information.

Conditions for passing: No leaks have been detected.

Reliability: unreliable. The detection is not completely reliable, as we can only check for certain indicators of problems. This test may result in both false positives (claiming that a website is insecure where it isn't) and false negatives (claiming that a website is secure where it isn't).

Potential scan errors: We only check for leaks at specific, pre-defined paths. If The website exposes information in other places, we may not detect it.

Scan Module: serverleaks

Further reading:

  • TODO
Result wrong?  report error

EncMail: Encryption of Mail Traffic

Many eMail servers do not allow encrypted connections. This test checks if the mail server associated with the domain supports encrypted connections.

Informational check: Test fails if the server does not offer encryption. The result is neutral if the encryption test did not complete with any results.

Reliability: unreliable.

Potential scan errors: Many eMail servers will slow down our test significantly, which may lead to it failing even though the server offers encrypted connections. In that case, we will be unable to determine any information about the security of the server, and will exempt the category from the rating.

Scan module: testssl

Further reading:

  • TODO
Result wrong?  report error

ON PRIVACYSCORE SINCE
2018-02-21

no screenshot available at the moment

REFERENCED IN 1 LIST

Registered Internet Pharmacies in Germany (which are pharmacies) - Set 1