{"url":"https:\/\/example.com","host":"example.com","score":50,"grade":"D+","scanned_at":"2026-04-04T09:05:01+00:00","cached":false,"report_url":"https:\/\/webcheckapp.com\/scan\/B0ZUcEjXuM9pZF7U","categories":{"dns":{"category":"DNS & Email Security","score":75,"checks":[{"id":"dns_spf","label":"SPF record configured","status":"pass","description":"SPF record found: \"v=spf1 -all\".","recommendation":null},{"id":"dns_dmarc","label":"DMARC record configured","status":"pass","description":"DMARC record found with policy \"reject\": \"v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s\".","recommendation":null},{"id":"dns_caa","label":"CAA record configured","status":"warn","description":"No CAA record found. Any Certificate Authority can issue SSL certs for your domain.","recommendation":"Add a CAA DNS record, e.g.: 0 issue \"letsencrypt.org\" to restrict SSL issuance."},{"id":"dns_dkim","label":"DKIM record configured","status":"pass","description":"DKIM record found (selector \"default\") \u2014 outgoing emails are cryptographically signed.","recommendation":null},{"id":"dns_mta_sts","label":"MTA-STS (email transport security)","status":"warn","description":"No MTA-STS record found at _mta-sts.example.com. Without it, email delivery to your domain could silently fall back to unencrypted connections.","recommendation":"Implement MTA-STS: add a TXT record at _mta-sts.example.com with value \"v=STSv1; id=YYYYMMDD01\" and publish a policy file at https:\/\/mta-sts.example.com\/.well-known\/mta-sts.txt"},{"id":"dns_ipv6","label":"IPv6 support","status":"pass","description":"Domain has an AAAA record \u2014 IPv6 is supported.","recommendation":null},{"id":"dns_bimi","label":"BIMI record","status":"info","description":"No BIMI record found. BIMI lets your brand logo appear in email clients that support it \u2014 a trust and branding signal for recipients.","recommendation":"BIMI requires DMARC with p=quarantine or p=reject. 
Then add a TXT record at default._bimi.example.com: v=BIMI1; l=https:\/\/yourdomain.com\/logo.svg"},{"id":"dns_dnssec","label":"DNSSEC","status":"warn","description":"DNSSEC could not be confirmed via this check. Verify with your domain registrar.","recommendation":"Enable DNSSEC through your domain registrar to protect against DNS cache poisoning."}]},"ssl":{"category":"SSL & HTTPS","score":58,"checks":[{"id":"ssl_available","label":"HTTPS \/ SSL enabled","status":"pass","description":"The website is accessible over HTTPS.","recommendation":null},{"id":"ssl_valid","label":"SSL certificate valid","status":"pass","description":"Certificate is valid and expires on 2026-07-01 (89 days left).","recommendation":null},{"id":"ssl_redirect","label":"HTTP redirects to HTTPS","status":"fail","description":"HTTP requests are not being redirected to HTTPS.","recommendation":"Configure a permanent (301) redirect from HTTP to HTTPS."},{"id":"ssl_hsts","label":"HSTS header configured","status":"fail","description":"No Strict-Transport-Security (HSTS) header found.","recommendation":"Add: Strict-Transport-Security: max-age=31536000; includeSubDomains"},{"id":"ssl_ciphers","label":"No weak cipher suites","status":"fail","description":"Server accepts weak cipher suite(s): RC4, 3DES, EXPORT, NULL. These ciphers have known cryptographic weaknesses.","recommendation":"Restrict your cipher list in your server config:\nNginx: ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!aNULL:!MD5:!3DES:!RC4;\nApache: SSLCipherSuite HIGH:!aNULL:!MD5:!3DES:!RC4\nThen reload your server."},{"id":"ssl_tls_version","label":"TLS 1.0 and 1.1 disabled","status":"pass","description":"Server only accepts TLS 1.2 or higher. 
Deprecated TLS versions are not supported.","recommendation":null}]},"content":{"category":"Content & CMS","score":100,"checks":[{"id":"content_mixed","label":"No mixed content detected","status":"pass","description":"No insecure HTTP resources (scripts, images, stylesheets) found in the page HTML.","recommendation":null},{"id":"content_admin","label":"CMS admin panel not publicly accessible","status":"pass","description":"No publicly accessible CMS admin interface found at common paths.","recommendation":null},{"id":"content_wp","label":"CMS version not exposed","status":"pass","description":"No CMS version information found in the page source.","recommendation":null},{"id":"content_sri","label":"Subresource Integrity (SRI)","status":"pass","description":"No external scripts or stylesheets without Subresource Integrity hashes detected.","recommendation":null},{"id":"content_open_redirect","label":"No open redirect","status":"pass","description":"No open redirect detected via common redirect parameters.","recommendation":null},{"id":"content_dirlisting","label":"Directory listing disabled","status":"pass","description":"Directory listing is not enabled \u2014 files cannot be browsed directly.","recommendation":null}]},"headers":{"category":"Security Headers","score":9,"checks":[{"id":"header_server","label":"Server version not disclosed","status":"pass","description":"The Server header does not expose version information.","recommendation":null},{"id":"header_csp","label":"Content-Security-Policy","status":"fail","description":"No Content-Security-Policy header found.","recommendation":"Add a Content-Security-Policy header to restrict which resources the browser may load, preventing XSS attacks."},{"id":"header_xframe","label":"X-Frame-Options","status":"fail","description":"No X-Frame-Options header found. 
The site may be vulnerable to clickjacking.","recommendation":"Add X-Frame-Options: DENY or SAMEORIGIN, or use CSP frame-ancestors."},{"id":"header_xcontent","label":"X-Content-Type-Options","status":"fail","description":"X-Content-Type-Options header is missing.","recommendation":"Add X-Content-Type-Options: nosniff to prevent browsers from MIME-sniffing responses."},{"id":"header_referrer","label":"Referrer-Policy","status":"fail","description":"No Referrer-Policy header found.","recommendation":"Add Referrer-Policy: strict-origin-when-cross-origin to control how much referrer info is sent."},{"id":"header_permissions","label":"Permissions-Policy","status":"warn","description":"No Permissions-Policy header found.","recommendation":"Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation."},{"id":"header_coop","label":"Cross-Origin-Opener-Policy","status":"warn","description":"No Cross-Origin-Opener-Policy (COOP) header found.","recommendation":"Add Cross-Origin-Opener-Policy: same-origin to isolate your browsing context and protect against cross-origin attacks and Spectre-like vulnerabilities."},{"id":"header_coep","label":"Cross-Origin-Embedder-Policy","status":"warn","description":"No Cross-Origin-Embedder-Policy (COEP) header found.","recommendation":"Add Cross-Origin-Embedder-Policy: require-corp to enable advanced browser isolation features (required for SharedArrayBuffer and high-resolution timers)."}]},"performance":{"category":"Performance & SEO","score":25,"checks":[{"id":"perf_ttfb","label":"Fast server response time (TTFB)","status":"pass","description":"Time To First Byte: 13 ms (measured from our scanner server) \u2014 excellent.","recommendation":null},{"id":"perf_compression","label":"Response compression enabled","status":"fail","description":"No gzip or Brotli compression detected.","recommendation":"Enable gzip or Brotli compression on your web server. 
This typically reduces HTML\/CSS\/JS size by 60-80%."},{"id":"perf_robots","label":"robots.txt present","status":"warn","description":"No robots.txt file found.","recommendation":"Create a robots.txt file to guide search engine crawlers and prevent indexing of sensitive paths. Note that robots.txt is publicly readable and only advisory, so it is not an access control: protect sensitive paths with authentication rather than relying on it."},{"id":"perf_sitemap","label":"XML sitemap present","status":"warn","description":"No sitemap.xml found at common locations (\/sitemap.xml, \/sitemap_index.xml).","recommendation":"Create and submit an XML sitemap to Google Search Console to improve search indexing."},{"id":"perf_securitytxt","label":"security.txt present","status":"warn","description":"No security.txt file found at \/.well-known\/security.txt or \/security.txt.","recommendation":"Create a security.txt file (RFC 9116) at \/.well-known\/security.txt to provide security researchers with a responsible disclosure contact."}]}}}