Website Security Test
Security Report: https://aamirfreelancer.com/
Scan Date: April 7, 2026, 9:32 p.m. | Duration: 69.17s
This is a Light Scan result; a Deep Scan covers additional checks such as XSS and SQL injection that are not part of this report.
Risk Rating
| Severity | CVE Findings | CWE Findings |
|---|---|---|
| Critical | 0 | 0 |
| High | 0 | 1 |
| Medium | 0 | 6 |
| Low | 0 | 8 |
How is the score calculated?
Scores start at 100. Deductions are: Critical (-10), High (-5), Medium (-2), Low (-1). To ensure fairness, deductions are capped per category: Critical (40), High (25), Medium (15), Low (10).
Scan Summary
| Sr. No | Item | Value |
|---|---|---|
| 1 | Input Hostname | aamirfreelancer.com |
| 2 | Scan Start Time | April 7, 2026, 9:32 p.m. |
| 3 | Scan Duration | 69.17s |
| 4 | Total Test Cases | 50 |
Target Information
| Sr. No | Item | Value |
|---|---|---|
| 1 | Target URL | https://aamirfreelancer.com/ |
| 2 | IP Address | 88.222.243.224 |
| 3 | Hosting Provider | Hostinger |
| 4 | Registrar | GoDaddy.com, LLC |
| 5 | Programming Language | PHP |
| 6 | Web Server | hcdn |
| 7 | Operating System | Unknown |
| 8 | HTTPS Enabled | Enabled |
| 9 | WAF Detected | Not Detected |
Network & Infrastructure Reconnaissance
| Check | Result |
|---|---|
| Inline Connection | Yes |
| IP Address | 88.222.243.224 |
| Hosting Provider | Hostinger |
| Server | hcdn |
| Server Disclosure CVE | No CVEs found |
| Operating System | Unknown |
| Open Ports | 443, 80 |
| Database Technology | Not Detected |
| WAF Detection | Not Detected |
| SSL Certificate | Certificate is valid |
Application Stack & Technology Fingerprinting
| Check | Result |
|---|---|
| CMS | WordPress 6.9.4 |
| CMS CVE | No CVEs found |
| Programming Language | PHP |
| Technology Disclosure CVE | No CVEs found |
| JavaScript Libraries | No known vulnerable libraries detected |
| JavaScript Libraries CVE | Not Applicable |
| OpenAPI Disclosure | Not Found |
| XML-RPC Endpoint Detection | Disabled |
Transport Layer Security (TLS) & Encryption
| Check | Result |
|---|---|
| Mixed Content Analysis | Secure |
| Secure Connection | Enabled |
| Unencrypted ViewState | Not Detected |
HTTP Security Headers Analysis
| Check | Result |
|---|---|
| Missing Security Headers | STRICT-TRANSPORT-SECURITY, PERMISSIONS-POLICY, X-FRAME-OPTIONS, X-CONTENT-TYPE-OPTIONS, X-XSS-PROTECTION, REFERRER-POLICY, X-PERMITTED-CROSS-DOMAIN |
| Content Security Policy | Present |
| Strict Transport Security | Missing Strict-Transport-Security header |
| Referrer Policy | Missing Referrer-Policy header |
| X-Content-Type-Options | Missing X-Content-Type-Options header |
| CSP Analysis | Missing 'object-src' directive; missing 'frame-ancestors' directive; missing "default-src 'self'" directive |
| X-Frame-Options | Missing X-Frame-Options header |
| X-XSS-Protection | Missing X-XSS-Protection header |
Session & Cookie Security
| Check | Result |
|---|---|
| Missing HttpOnly Flag in Cookies | Missing HttpOnly flag in cookies |
| Missing Secure Flag in Cookies | Missing Secure flag in cookies |
| Loose Cookie Domain | Secure |
Sensitive Resource & File Exposure
| Check | Result |
|---|---|
| Directory Listing | Disabled |
| Secret Files Detection | https://aamirfreelancer.com/robots.txt, https://aamirfreelancer.com/sitemap.xml |
| Robots.txt File Found | None |
| Path Disclosure | Not Found |
| .htaccess Exposure | None |
Authentication & Credential Exposure
| Check | Result |
|---|---|
| Passwords Submitted Unencrypted | Passwords submitted unencrypted |
| Password Leakage | Not Detected |
| Password Field With Autocomplete | OK |
Information Disclosure & Error Handling
| Check | Result |
|---|---|
| Error Messages Analysis | Secure |
| Cross-Domain Inclusion | stats.wp.com, gmpg.org |
Application Surface & Method Exposure
| Check | Result |
|---|---|
| HTTP Methods Allowed | GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD |
| Enabled Debug Method | No |
| Enabled OPTIONS Method | Yes |
| File Upload | Not Detected |
| Client Access Policies | Not Found |
Email & Domain Security Configuration
| Check | Result |
|---|---|
| Email Extraction | Emails exposed |
| SPF | v=spf1 include:spf.titan.email ~all |
| DMARC | Not Configured |
| DKIM | Not Configured |
Abuse & Rate-Limiting Controls
| Check | Result |
|---|---|
| Rate Limit Headers | Missing rate limit header |
Injection & Header Manipulation
| Check | Result |
|---|---|
| Host Header Injection | Not Vulnerable |
Bot & Automation Protection
| Check | Result |
|---|---|
| Captcha Detection | Not Detected |
Other Findings
| Check | Result |
|---|---|
| Registrar | GoDaddy.com, LLC |
Findings – CVE (Common Vulnerabilities and Exposures)
No CVE vulnerabilities found.
Findings – CWE (Common Weakness Enumeration)
| Sr. No | Vulnerability Source | CWE ID | Severity | Description | Remediation |
|---|---|---|---|---|---|
| 1 | Passwords submitted unencrypted | CWE-319 | High | Credentials transmitted without encryption can be intercepted. | Use HTTPS-only forms and ensure encrypted transport of all authentication data. |
| 2 | Missing Strict-Transport-Security header | CWE-319 | Medium | Sensitive information is exposed in transit due to the absence of secure channel enforcement. | Enable HSTS with: "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload". |
| 3 | Missing Referrer-Policy header | CWE-200 | Medium | Exposure of sensitive URLs or information to third-party sites. | Set a secure referrer policy such as: "Referrer-Policy: no-referrer". |
| 4 | Missing X-Content-Type-Options header | CWE-16 | Medium | Improperly configured security headers allow MIME-type confusion attacks. | Add the header: "X-Content-Type-Options: nosniff". |
| 5 | Missing HttpOnly flag in cookies | CWE-1004 | Medium | Cookies accessible by JavaScript can be stolen via XSS. | Set the HttpOnly flag to prevent client-side script access. |
| 6 | Missing Secure flag in cookies | CWE-614 | Medium | Cookies without the Secure flag may be sent over unencrypted connections. | Enable the Secure flag for all session or sensitive cookies. |
| 7 | Missing Rate Limit header | CWE-770 | Medium | Improper control of resource consumption may enable brute-force or DoS attacks. | Implement rate limiting and add headers such as 'X-RateLimit-Limit' and 'Retry-After'. |
| 8 | Missing Header: STRICT-TRANSPORT-SECURITY | CWE-693 | Low | The security header STRICT-TRANSPORT-SECURITY is missing. | Add STRICT-TRANSPORT-SECURITY header to server configuration. |
| 9 | Missing Header: PERMISSIONS-POLICY | CWE-693 | Low | The security header PERMISSIONS-POLICY is missing. | Add PERMISSIONS-POLICY header to server configuration. |
| 10 | Missing Header: X-FRAME-OPTIONS | CWE-693 | Low | The security header X-FRAME-OPTIONS is missing. | Add X-FRAME-OPTIONS header to server configuration. |
| 11 | Missing Header: X-CONTENT-TYPE-OPTIONS | CWE-693 | Low | The security header X-CONTENT-TYPE-OPTIONS is missing. | Add X-CONTENT-TYPE-OPTIONS header to server configuration. |
| 12 | Missing Header: X-XSS-PROTECTION | CWE-693 | Low | The security header X-XSS-PROTECTION is missing. | Add X-XSS-PROTECTION header to server configuration. |
| 13 | Missing Header: REFERRER-POLICY | CWE-693 | Low | The security header REFERRER-POLICY is missing. | Add REFERRER-POLICY header to server configuration. |
| 14 | Missing Header: X-PERMITTED-CROSS-DOMAIN | CWE-693 | Low | The security header X-PERMITTED-CROSS-DOMAIN is missing. | Add X-PERMITTED-CROSS-DOMAIN header to server configuration. |
| 15 | Emails exposed | CWE-200 | Low | Publicly exposed email addresses may lead to phishing or spam attacks. | Obfuscate email addresses or remove unnecessary public exposure. |