Scan failed

We could not scan vboxxcloud.nl. The website may be unreachable.

Try another URL

Security report for

vboxxcloud.nl

Scanned 1 hour ago

Cached result

Share on X LinkedIn Score card

0 /100

A-

Overall grade

Better than 86%

Executive Summary

PDF PRO

We performed a comprehensive security analysis of vboxxcloud.nl across 5 categories. The website received an overall score of 89/100 (grade A-), with 0 critical issues, 5 warnings, and 24 passed checks.

Overall assessment: vboxxcloud.nl demonstrates a strong security posture. The website follows most security best practices and is well-configured. Minor improvements are possible but no urgent issues were found. Continue monitoring regularly to maintain this level of security.

Strong areas

SSL & HTTPS

Content & CMS

Security Headers

Performance & SEO

Needs improvement

DNS & Email Security

Website Health Check

Simple overview for everyone

Is my website safe for visitors?

Yes — your website uses encryption and has security protections in place.

Good

Can my website be found by Google?

Yes — your website is accessible to search engines and loads at a reasonable speed.

Good

Is my email protected against spoofing?

Yes — your domain has email authentication records (SPF/DMARC) that prevent others from sending fake emails on your behalf.

Good

Is my website leaking sensitive data?

No leaks detected — configuration files and sensitive data appear to be properly protected.

Good

Does my website respect visitor privacy?

Yes — a privacy policy and cookie consent appear to be in place.

Good

Trust & WHOIS

??/100

Trust & WHOIS

See domain age, registrar, expiry date, server location, and reputation checks across security databases.

Domain Age WHOIS Data Server Location Reputation Check Expiry Alert

Malware & Reputation

??/100

Malware & Reputation

Check if your site is flagged by malware databases, blacklists, and antivirus vendors worldwide.

VirusTotal URLhaus Spamhaus PhishTank Cloudflare DNS

Advanced Security Checks

??/100

Advanced Security Checks

Detect open ports, exposed files, API vulnerabilities, TLS weaknesses, and subdomain takeover risks.

Open Ports Exposed Files API Security TLS Ciphers Subdomain Takeover

Privacy & GDPR

??/100

Privacy & GDPR

Analyze cookie consent, privacy policy presence, third-party trackers, and GDPR compliance signals.

Cookie Consent Privacy Policy Tracker Detection GDPR Compliance

Quality & Accessibility

??/100

Quality & Accessibility

Check accessibility compliance, robots.txt, branding, broken links, and carbon footprint.

Accessibility Robots & SEO Branding Broken Links Carbon Footprint

PDF PRO

Unlock the full security report

This Quick Scan covers 5 categories. Upgrade to Pro for OWASP Top 10 analysis, malware detection, exposed files, and 15 more scanners.

Full report

DNS & Email Security

75/100

SPF record configured

SPF record found: "v=spf1 a mx ip4:2.58.165.67 a:vboxxcloud.nl include:_spf.vboxx.nl -all".

DMARC record configured

DMARC record found with policy "reject": "v=DMARC1;p=reject".

CAA record configured

No CAA record found. Any Certificate Authority can issue SSL certs for your domain.

Fix: Add a CAA DNS record, e.g.: 0 issue "letsencrypt.org" to restrict SSL issuance.

DKIM record configured

DKIM record found (selector "mail") — outgoing emails are cryptographically signed.

MTA-STS (email transport security)

No MTA-STS record found at _mta-sts.vboxxcloud.nl. Without it, email delivery to your domain could silently fall back to unencrypted connections.

Fix: Implement MTA-STS: add a TXT record at _mta-sts.vboxxcloud.nl with value "v=STSv1; id=YYYYMMDD01" and publish a policy file at https://mta-sts.vboxxcloud.nl/.well-known/mta-sts.txt

IPv6 support

No AAAA record found. The domain is IPv4-only.

Fix: Add an AAAA record to support IPv6. Most modern hosting providers and CDNs assign IPv6 addresses automatically.

BIMI record

No BIMI record found. BIMI lets your brand logo appear in email clients that support it — a trust and branding signal for recipients.

Fix: BIMI requires DMARC with p=quarantine or p=reject. Then add a TXT record at default._bimi.vboxxcloud.nl: v=BIMI1; l=https://yourdomain.com/logo.svg

DNSSEC

DNSSEC could not be verified via this automated check (PHP DNS resolvers strip DNSSEC data). Check with your domain registrar or use dnsviz.net to verify.

SSL & HTTPS

85/100

HTTPS / SSL enabled

The website is accessible over HTTPS.

SSL certificate valid

Certificate expires soon: 2026-05-11 (30 days left).

Fix: Renew your SSL certificate before it expires.

HTTP redirects to HTTPS

HTTP traffic is permanently (301) redirected to HTTPS.

HSTS header configured

Strict-Transport-Security header found with max-age=31536000. includeSubDomains is set.

No weak cipher suites

Server does not accept known weak cipher suites (RC4, 3DES, EXPORT, NULL).

TLS 1.0 and 1.1 disabled

Server only accepts TLS 1.2 or higher. Deprecated TLS versions are not supported.

Content & CMS

88/100

No mixed content detected

No insecure HTTP resources (scripts, images, stylesheets) found in the page HTML.

CMS admin panel not publicly accessible

No publicly accessible CMS admin interface found at common paths.

CMS version not exposed

No CMS version information found in the page source.

Subresource Integrity (SRI)

1 of 1 external script(s)/stylesheet(s) load without an integrity= hash. If the CDN is compromised, malicious code could be silently injected into your pages.

Fix: Add integrity= and crossorigin= attributes to external <script> and <link> tags. Generate hashes at https://www.srihash.org/

No open redirect

No open redirect detected via common redirect parameters.

Directory listing disabled

Directory listing is not enabled — files cannot be browsed directly.

Security Headers

100/100

Server version not disclosed

The Server header does not expose version information.

Content-Security-Policy

CSP header enforced: "upgrade-insecure-requests;"

X-Frame-Options

X-Frame-Options: SAMEORIGIN — protects against clickjacking.

X-Content-Type-Options

X-Content-Type-Options: nosniff is set — prevents MIME-type sniffing.

Referrer-Policy

Referrer-Policy: strict-origin-when-cross-origin

Permissions-Policy

Permissions-Policy header found — browser feature access is restricted.

Cross-Origin-Opener-Policy

No Cross-Origin-Opener-Policy (COOP) header found. Note: COOP can break popup-based flows (payments, OAuth) and browser back/forward cache.

Fix: Consider adding Cross-Origin-Opener-Policy: same-origin if your site does not use cross-origin popups.

Cross-Origin-Embedder-Policy

No Cross-Origin-Embedder-Policy (COEP) header found. Note: COEP breaks external embeds (YouTube, maps, ads) that don't send CORP headers.

Fix: Consider adding Cross-Origin-Embedder-Policy: require-corp only if your site does not embed third-party content.

X-XSS-Protection (deprecated)

X-XSS-Protection: 1; mode=block — Note: this header is deprecated and ignored by modern browsers. Rely on CSP instead.

Server: Apache/2

Referrer-Policy: strict-origin-when-cross-origin

X-Frame-Options: SAMEORIGIN

X-Xss-Protection: 1; mode=block

Permissions-Policy: interest-cohort=()

X-Content-Type-Options: nosniff

Content-Security-Policy: upgrade-insecure-requests;

Strict-Transport-Security: max-age=31536000; includeSubDomains;

Performance & SEO

100/100

Fast server response time (TTFB)

Time To First Byte: 37 ms (measured from our scanner server) — excellent.

Response compression enabled

Compression is enabled (gzip) — reduces transfer size and speeds up page loads.

robots.txt present

A robots.txt file was found and is accessible.

XML sitemap present

An XML sitemap was found — helps search engines discover and index your pages.

security.txt present

No security.txt file found at /.well-known/security.txt or /security.txt.

Fix: Create a security.txt file (RFC 9116) at /.well-known/security.txt to provide security researchers with a responsible disclosure contact.

Warnings (5)

What is this?

CAA (Certification Authority Authorization) is a DNS record that specifies which Certificate Authorities (CAs) are allowed to issue SSL/TLS certificates for your domain.

Why does it matter?

Without CAA records, any of the hundreds of trusted CAs worldwide can issue a certificate for your domain. A compromised or rogue CA could issue a fraudulent certificate for your domain, enabling MITM attacks. CAA limits this risk to your chosen CA(s).

How to fix it

Add CAA records to your DNS. Example for Let\'s Encrypt only: 0 issue "letsencrypt.org" For multiple CAs (e.g. Let\'s Encrypt + DigiCert): 0 issue "letsencrypt.org" 0 issue "digicert.com" To also allow wildcard certificates: 0 issuewild "letsencrypt.org" For email notifications on unauthorized issuance attempts: 0 iodef "mailto:security@yourdomain.com" Check current CAA records at: sslmate.com/caa

What is this?

MTA-STS (Mail Transfer Agent Strict Transport Security) is a standard that forces other mail servers to use encrypted TLS connections when delivering email to your domain. Without it, a network attacker could silently strip TLS from email in transit.

Why does it matter?

Email is delivered between servers using SMTP. By default, SMTP tries TLS but falls back to plaintext if TLS is not available — a downgrade attack. MTA-STS prevents this fallback, ensuring all email delivered to your domain is encrypted in transit.

How to fix it

Implementing MTA-STS requires two things: 1. A DNS TXT record at _mta-sts.yourdomain.com: v=STSv1; id=20240101001 2. A policy file hosted at: https://mta-sts.yourdomain.com/.well-known/mta-sts.txt Policy file content: version: STSv1 mode: enforce mx: mail.yourdomain.com max_age: 86400 Start with mode: testing to see reports before enforcing. Use mta-sts.io for a guided setup.

What is this?

An SSL/TLS certificate has an expiry date. Once expired, browsers show a full-page warning to visitors and refuse to connect without clicking through a security warning.

Why does it matter?

An expired certificate breaks trust immediately — visitors see a red warning screen and most will leave. Search engines may also de-index or lower the ranking of sites with certificate errors.

How to fix it

Renew your certificate before it expires. If you use Let's Encrypt, set up auto-renewal with certbot (sudo certbot renew --dry-run to test). Most hosting providers send expiry warnings by email. Set a calendar reminder at 30 and 7 days before expiry.

What is this?

Subresource Integrity (SRI) is a browser security feature that lets you specify a cryptographic hash for external scripts and stylesheets. The browser refuses to execute the resource if its content does not match the hash.

Why does it matter?

If a CDN you rely on is compromised (a real and recurring attack vector), an attacker can replace your JavaScript library with malicious code that steals user data, injects cryptomining scripts, or performs other attacks. SRI prevents this by making the browser verify the file has not been altered.

How to fix it

Add integrity= and crossorigin= attributes to your external resources: <script src="https://cdn.jsdelivr.net/npm/jquery@3.7.1/dist/jquery.min.js" integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous" ></script> Generate hashes for any URL at: https://www.srihash.org/ For build tools, use webpack-subresource-integrity or vite-plugin-sri to add hashes automatically during builds.

PDF PRO Scan another website Compare with competitor Browse recent scans

Get this report emailed to you

Create a free account to save your scan results, monitor your sites, and get alerted when your score drops.

Create free account

Show visitors your security score with an embeddable badge. It updates automatically when you rescan.

Preview

<a href="https://webcheckapp.com/scan/iNwfHwOVbeWFT634">
  <img src="https://webcheckapp.com/scan/iNwfHwOVbeWFT634/badge" alt="Security score: 89/100">
</a>