Check Detail
zelfy.com · DNS
Passed
Grade A
100.0%
Result Detail
DNS| Host | Type | Answer | TTL |
|---|---|---|---|
| 52.20.84.62 | — |
Result Detail
HEADERAlerts
- Content-Security-Policy: Content-Security-Policy missing
- Expect-CT: Expect-CT missing
- X-Permitted-Cross-Domain-Policies: Header missing
- Access-Control-Allow-Origin: Access-Control-Allow-Origin missing
- Server: Sensitive header exposed
Normalized headers
| date | Tue, 14 Oct 2025 23:57:05 GMT |
|---|---|
| content-type | text/html; charset=UTF-8 |
| content-length | 7224 |
| accept-ch | Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA |
| cf-mitigated | challenge |
| critical-ch | Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA |
| cross-origin-embedder-policy | require-corp |
| cross-origin-opener-policy | same-origin |
| cross-origin-resource-policy | same-origin |
| origin-agent-cluster | ?1 |
| permissions-policy | accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() |
| referrer-policy | same-origin |
| server-timing | chlray;desc="98eb045c7c7fdc6c" |
| x-content-type-options | nosniff |
| x-frame-options | SAMEORIGIN |
| cache-control | private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 |
| expires | Thu, 01 Jan 1970 00:00:01 GMT |
| strict-transport-security | max-age=31536000; includeSubDomains; preload |
| speculation-rules | "/cdn-cgi/speculation" |
| server | cloudflare |
| cf-ray | 98eb045c7c7fdc6c-FRA |
| alt-svc | h3=":443"; ma=86400 |
Transport
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Strict-Transport-Security | ✅ Passed | max-age=31536000; includeSubDomains; preload | max-age>=15768000; includeSubDomains; preload | HSTS policy robust | Critical | Strict-Transport-Security: max-age=63072000; includeSubDomains; preload |
| Expect-CT | ❌ Missing | enforce; max-age>=86400 | Expect-CT missing | Medium | Expect-CT: enforce, max-age=86400, report-uri="https://report.example.com" |
Content Security
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Content-Security-Policy | ❌ Missing | default-src 'self'; frame-ancestors 'none' | Content-Security-Policy missing | Critical | Content-Security-Policy: default-src 'self'; frame-ancestors 'none' |
MIME
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| X-Content-Type-Options | ✅ Passed | nosniff | nosniff | Value matches recommendation | High | X-Content-Type-Options: nosniff |
Framing
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| X-Frame-Options | ✅ Passed | SAMEORIGIN | DENY or SAMEORIGIN | Value accepted | High | X-Frame-Options: DENY |
Privacy
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Referrer-Policy | ✅ Passed | same-origin | strict-origin-when-cross-origin / same-origin | strict-origin-when-cross-origin | Medium | Referrer-Policy: strict-origin-when-cross-origin |
Browser Features
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Permissions-Policy | ✅ Passed | accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | camera=(); geolocation=(); microphone=() | camera=(); geolocation=(); microphone=() | Medium | Permissions-Policy: camera=(), geolocation=(), microphone=() |
Cross-Origin
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Cross-Origin-Opener-Policy | ✅ Passed | same-origin | same-origin | Value matches recommendation | High | Cross-Origin-Opener-Policy: same-origin |
| Cross-Origin-Embedder-Policy | ✅ Passed | require-corp | require-corp | Value matches recommendation | High | Cross-Origin-Embedder-Policy: require-corp |
| Cross-Origin-Resource-Policy | ✅ Passed | same-origin | same-origin | Value matches recommendation | Medium | Cross-Origin-Resource-Policy: same-origin |
| Origin-Agent-Cluster | ✅ Passed | ?1 | ?1 | Value matches recommendation | Low | Origin-Agent-Cluster: ?1 |
Caching
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Cache-Control | ✅ Passed | private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 | no-store, private, max-age=0 | no-store, private, max-age=0 | High | Cache-Control: no-store, private, max-age=0 |
Legacy
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| X-Permitted-Cross-Domain-Policies | ❌ Missing | none | Header missing | Low | X-Permitted-Cross-Domain-Policies: none |
CORS
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Access-Control-Allow-Origin | ❌ Missing | Scoped origin (no wildcard) | Access-Control-Allow-Origin missing | Medium | Access-Control-Allow-Origin: https://app.example.com |
Information Disclosure
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Server | ❌ Missing | cloudflare | Header removed or generic | Sensitive header exposed | High | Remove Server header or set to a generic token |
| X-Powered-By | ✅ Passed | Header removed | Header not exposed | High | Remove X-Powered-By header | |
| X-AspNet-Version | ✅ Passed | Header removed | Header not exposed | Medium | Remove framework version headers |
Raw headers
HTTP/2 403 date: Tue, 14 Oct 2025 23:57:05 GMT content-type: text/html; charset=UTF-8 content-length: 7224 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cf-mitigated: challenge critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: same-origin origin-agent-cluster: ?1 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() referrer-policy: same-origin server-timing: chlray;desc="98eb045c7c7fdc6c" x-content-type-options: nosniff x-frame-options: SAMEORIGIN cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 expires: Thu, 01 Jan 1970 00:00:01 GMT strict-transport-security: max-age=31536000; includeSubDomains; preload speculation-rules: "/cdn-cgi/speculation" server: cloudflare cf-ray: 98eb045c7c7fdc6c-FRA alt-svc: h3=":443"; ma=86400
Result Detail
SSL| Check name | Status | Value |
|---|---|---|
| certificate chain is complete | ✅ Passed | 3 |
| root CA is trusted | ✅ Passed | Trusted |
| cert valid for | ✅ Passed | 69 |
| chain certs are valid until | ✅ Passed | 22.12.2025 |
| CN matches Domainname | ✅ Passed | zelfy.com |
| certificate subject | ✅ Passed | CN=zelfy.com |
| certificate issuer | ✅ Passed | C=US, O=Let's Encrypt, CN=R12 |
| signature algorithm | ✅ Passed | RSA-SHA256 |
| TLS protocol | ✅ Passed | TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 |
| Subject Alternative Names | ✅ Passed | zelfy.com |
| Public Key | ✅ Passed | RSA 4096 |
Certificate chain
| # | Common name | Issuer | Valid until | CA |
|---|---|---|---|---|
| 0 | zelfy.com | C=US, O=Let's Encrypt, CN=R12 | 22.12.2025 22:33:30 | No |
| 1 | zelfy.com | C=US, O=Let's Encrypt, CN=R12 | 22.12.2025 22:33:30 | No |
| 2 | R12 | C=US, O=Internet Security Research Group, CN=ISRG Root X1 | 13.03.2027 00:59:59 | Yes |
TLS details
| Negotiated protocol | TLSv1.2 |
|---|---|
| Cipher suite | ECDHE-RSA-AES128-GCM-SHA256 (128 bit) |
| Cipher version | TLSv1.2 |
| Perfect Forward Secrecy | OK |
| Earliest chain expiry | 22.12.2025 22:33 |
Fingerprints
| SHA-256 | 3A:E0:D4:1E:4A:0A:41:AE:99:DC:7E:2A:60:4B:85:94:D2:99:0C:74:A1:BA:65:08:50:2B:05:B4:35:EB:85:9B |
|---|---|
| SHA-1 | EE:33:C6:6C:ED:23:D8:19:9B:58:64:99:CC:59:46:C0:7D:41:2D:1A |
Revocation
OCSP URLs
—
CRL URLs
Full Name:
URI:http://r12.c.lencr.org/125.crl
Issuer URLs (AIA)
http://r12.i.lencr.org/
OCSP Must-Staple
No
Trust evaluation
Attempted: Yes
Trusted: Yes
OpenSSL diagnostic command
openssl s_client -connect zelfy.com:443 -servername zelfy.com
Result Detail
WAFSign up to use!
Ownership verification required
Real WAF results become available after signing up. Until then we show you a small teaser from the imagination department.
- Shield level Mythisch
- Watchers Gremlins im Standby
- Last attack Story folgt nach Registrierung