SHOWING RESULTS FOR
http://versandapo24.org/

SCAN #10 LAST SCAN  2018-12-05 @ 05:36 – 05:36

Take this with a grain of salt! Some of our checks may report wrong results. BETA

ANALYZED URL AFTER LOADING:

ANALYZED MAIL SERVER:
(no mx records found or scan not finished)

SCAN ERROR:

  • Internal error: The scanner returned no results.

What is this? This page shows the result of a machine-generated analysis of a specific website, which was commissioned by a PrivacyScore user. During the analysis it was checked whether the privacy of the visitors is protected on a technical level as well as possible when visiting the given internet addresses, and whether the operator uses common security mechanisms on the website. This can indicate how seriously an operator takes data protection. However, it is not possible to determine the actual security level achieved.

NoTrack: No Tracking by Website and Third Parties

Sometimes, a scan can go wrong and not deliver any results. This check tests if the scan of the website using the OpenWPM tool succeeded.

Scan Module: OpenWPM

EncWeb: Encryption of Web Traffic

HTTPS is a critical building block in website security. This check tests if the web server offers users the option to connect via HTTPS.

Conditions for passing: Test fails if the server does not offer HTTPS.

Reliability: unreliable.

Potential scan errors: If the server employs tarpitting, the testssl check fails.

Scan Module: OpenWPM

To protect their users, websites offering HTTPS should automatically redirect visitors to the secure version of the website if they visit the unsecured version, as users cannot be expected to change the address by hand. This test verifies that this is the case. If the browser is redirected to a secure URL, all other HTTPS tests use the final URL.

Conditions for passing: Test passes if the server automatically redirects the browser to an HTTPS URL when the browser requests an HTTP URL. Neutral if the given URL is already an HTTPS URL.

Reliability: reliable.

Potential scan errors: If users are redirected to the HTTPS version using JavaScript, this test may not detect it.

Scan Module: OpenWPM

Attacks: Protection Against Various Attacks

Web servers may be configured incorrectly and expose private information on the public internet. This test looks for a series of common mistakes: Exposing the "server-status" or "server-info" pages of the web server, common debugging files that may have been forgotten on the server, and the presence of version control system files from the Git or SVN systems, which may contain private or security-critical information.

Conditions for passing: No leaks have been detected.

Reliability: unreliable. The detection is not completely reliable, as we can only check for certain indicators of problems. This test may result in both false positives (claiming that a website is insecure where it isn't) and false negatives (claiming that a website is secure where it isn't).

Potential scan errors: We only check for leaks at specific, pre-defined paths. If the website exposes information in other places, we may not detect it.

Scan Module: serverleaks

This HTTP header helps to prevent Cross-Site-Scripting attacks. With CSP, a site can whitelist servers from which it expects its content to be loaded. This prevents adversaries from injecting malicious scripts into the site.

Conditions for passing: The Content-Security-Policy header is present.

Reliability: shallow. At the moment we only check for this header in the response that belongs to the first request for the final URL (after following potential redirects to other HTTP/HTTPS URLs). Furthermore, we only report whether the header is set or not, i.e., we do not analyze whether the content of the header makes sense.

Potential scan errors: We may miss security problems on sites that redirect multiple times. We may also miss security problems on sites that issue multiple requests to render the resulting page but forget to set the header in all responses.

Scan Module: OpenWPM

This HTTP header prevents adversaries from embedding a site for malicious purposes. XFO allows a site to tell the browser that it is not acceptable to include it within a frame from another server. This decreases the risk of click-jacking attacks.

Conditions for passing: The X-Frame-Options header is present and set to “SAMEORIGIN” (as recommended by securityheaders.io).

Reliability: shallow. At the moment we only check for this header in the response that belongs to the first request for the final URL (after following potential redirects to other HTTP/HTTPS URLs).

Potential scan errors: We may miss security problems on sites that redirect multiple times. We may also miss security problems on sites that issue multiple requests to render the resulting page but forget to set the header in all responses.

Scan module: OpenWPM

This HTTP header prevents certain cross-site scripting (XSS) attacks. Browsers are instructed to stop loading the page when they detect reflective XSS attacks. This header is useful for older browsers that do not support the more recent Content Security Policy header yet.

Conditions for passing: The X-XSS-Protection HTTP header is present and set to “1; mode=block” (which is the best policy and also recommended by the scan service securityheaders.io).

Reliability: unreliable. At the moment we only check for this header in the response that belongs to the first request for the final URL (after following potential redirects to other HTTP/HTTPS URLs).

Potential scan errors: We may miss security problems on sites that redirect multiple times. We may also miss security problems on sites that issue multiple requests to render the resulting page but forget to set the header in all responses.

Scan module: OpenWPM

This HTTP header prevents browsers from accidentally executing code. Browsers are instructed to interpret all objects received from a server according to the MIME type set in the Content-Type HTTP header. Traditionally, browsers have tried to guess the content type based on the content, which has been exploited by attackers to make browsers execute malicious code.

Conditions for passing: The X-Content-Type-Options HTTP header is present and set to “nosniff”.

Reliability: unreliable. At the moment we only check for this header in the response that belongs to the first request for the final URL (after following potential redirects to other HTTP/HTTPS URLs).

Potential scan errors: We may miss security problems on sites that redirect multiple times. We may also miss security problems on sites that issue multiple requests to render the resulting page but forget to set the header in all responses.

Scan module: OpenWPM

A secure referrer policy prevents the browser from disclosing the URL of the current page to other pages. Without a referrer policy most browsers send a Referer header whenever content is retrieved from third parties or when you visit a different page by clicking on a link. This may disclose sensitive information.

Conditions for passing: Referrer-Policy header is present. Referrer-Policy is set to “no-referrer” (which is the only policy recommended by dataskydd.net in their Webbkoll scan service).

Reliability: unreliable. At the moment we only check for this header in the response that belongs to the first request for the final URL (after following potential redirects to other HTTP/HTTPS URLs).

Potential scan errors: We may miss security problems on sites that redirect multiple times. We may also miss security problems on sites that issue multiple requests to render the resulting page but forget to set the header in all responses. We fail to detect a referrer policy that is set via the “referer” HTTP-EQUIV META tag in the HTML code.

Scan module: OpenWPM

EncMail: Encryption of Mail Traffic

Many eMail servers do not allow encrypted connections. This test checks if the mail server associated with the domain supports encrypted connections.

Informational check: Test fails if the server does not offer encryption. The result is neutral if the encryption test did not complete with any results.

Reliability: unreliable.

Potential scan errors: Many eMail servers will slow down our test significantly, which may lead to it failing even though the server offers encrypted connections. In that case, we will be unable to determine any information about the security of the server, and will exempt the category from the rating.

Scan module: testssl

ON PRIVACYSCORE SINCE
2018-02-21

REFERENCED IN 1 LIST

Registered Internet Pharmacies in Germany (which are pharmacies) - Set 1