promocaooficinadossonhos.com.br · DNS
Result Detail
DNS| Host | Type | Answer | TTL |
|---|---|---|---|
| 13.94.141.164 | — |
Result Detail
HEADERAlerts
- Strict-Transport-Security: Strict-Transport-Security missing
- Content-Security-Policy: Content-Security-Policy missing
- X-Content-Type-Options: Header missing
- X-Frame-Options: Header missing
- Referrer-Policy: Header missing
- Permissions-Policy: Permissions-Policy missing
- Cross-Origin-Opener-Policy: Header missing
- Cross-Origin-Embedder-Policy: Header missing
- Cross-Origin-Resource-Policy: Header missing
- Cache-Control: Cache-Control missing restrictive directives
- Expect-CT: Expect-CT missing
- X-Permitted-Cross-Domain-Policies: Header missing
- Access-Control-Allow-Origin: Access-Control-Allow-Origin missing
- Origin-Agent-Cluster: Header missing
Normalized headers
| date | Wed, 01 Jul 2026 08:07:59 GMT |
|---|---|
| content-type | text/html |
| content-length | 162 |
| connection | keep-alive |
| location | https://www.promocaobosch.com.br/ |
Transport
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Strict-Transport-Security | ❌ Missing | max-age>=15768000; includeSubDomains; preload | Strict-Transport-Security missing | Critical | Strict-Transport-Security: max-age=63072000; includeSubDomains; preload | |
| Expect-CT | ❌ Missing | enforce; max-age>=86400 | Expect-CT missing | Medium | Expect-CT: enforce, max-age=86400, report-uri="https://report.example.com" |
Content Security
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Content-Security-Policy | ❌ Missing | default-src 'self'; frame-ancestors 'none' | Content-Security-Policy missing | Critical | Content-Security-Policy: default-src 'self'; frame-ancestors 'none' |
MIME
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| X-Content-Type-Options | ❌ Missing | nosniff | Header missing | High | X-Content-Type-Options: nosniff |
Framing
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| X-Frame-Options | ❌ Missing | DENY or SAMEORIGIN | Header missing | High | X-Frame-Options: DENY |
Privacy
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Referrer-Policy | ❌ Missing | strict-origin-when-cross-origin / same-origin | Header missing | Medium | Referrer-Policy: strict-origin-when-cross-origin |
Browser Features
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Permissions-Policy | ❌ Missing | camera=(); geolocation=(); microphone=() | Permissions-Policy missing | Medium | Permissions-Policy: camera=(), geolocation=(), microphone=() |
Cross-Origin
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Cross-Origin-Opener-Policy | ❌ Missing | same-origin | Header missing | High | Cross-Origin-Opener-Policy: same-origin | |
| Cross-Origin-Embedder-Policy | ❌ Missing | require-corp | Header missing | High | Cross-Origin-Embedder-Policy: require-corp | |
| Cross-Origin-Resource-Policy | ❌ Missing | same-origin | Header missing | Medium | Cross-Origin-Resource-Policy: same-origin | |
| Origin-Agent-Cluster | ❌ Missing | ?1 | Header missing | Low | Origin-Agent-Cluster: ?1 |
Caching
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Cache-Control | ❌ Missing | no-store, private, max-age=0 | Cache-Control missing restrictive directives | High | Cache-Control: no-store, private, max-age=0 |
Legacy
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| X-Permitted-Cross-Domain-Policies | ❌ Missing | none | Header missing | Low | X-Permitted-Cross-Domain-Policies: none |
CORS
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Access-Control-Allow-Origin | ❌ Missing | Scoped origin (no wildcard) | Access-Control-Allow-Origin missing | Medium | Access-Control-Allow-Origin: https://app.example.com |
Information Disclosure
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Server | ✅ Passed | Header removed or generic | Header not exposed | High | Remove Server header or set to a generic token | |
| X-Powered-By | ✅ Passed | Header removed | Header not exposed | High | Remove X-Powered-By header | |
| X-AspNet-Version | ✅ Passed | Header removed | Header not exposed | Medium | Remove framework version headers |
Raw headers
HTTP/1.1 301 Moved Permanently Date: Wed, 01 Jul 2026 08:07:59 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://www.promocaobosch.com.br/
Result Detail
SSL| Check name | Status | Value |
|---|---|---|
| certificate chain is complete | ✅ Passed | 3 |
| root CA is trusted | ✅ Passed | Trusted |
| cert valid for | ✅ Passed | 41 |
| chain certs are valid until | ✅ Passed | 11.08.2026 |
| CN matches Domainname | ✅ Passed | promocaooficinadossonhos.com.br |
| certificate subject | ✅ Passed | CN=promocaooficinadossonhos.com.br |
| certificate issuer | ✅ Passed | C=US, O=Let's Encrypt, CN=R12 |
| signature algorithm | ✅ Passed | RSA-SHA256 |
| TLS protocol | ✅ Passed | TLSv1.3 TLS_AES_256_GCM_SHA384 |
| Subject Alternative Names | ✅ Passed | promocaooficinadossonhos.com.br, www.promocaooficinadossonhos.com.br |
| Public Key | ✅ Passed | RSA 2048 |
Certificate chain
| # | Common name | Issuer | Valid until | CA |
|---|---|---|---|---|
| 0 | promocaooficinadossonhos.com.br | C=US, O=Let's Encrypt, CN=R12 | 11.08.2026 04:26:02 | No |
| 1 | promocaooficinadossonhos.com.br | C=US, O=Let's Encrypt, CN=R12 | 11.08.2026 04:26:02 | No |
| 2 | R12 | C=US, O=Internet Security Research Group, CN=ISRG Root X1 | 13.03.2027 00:59:59 | Yes |
TLS details
| Negotiated protocol | TLSv1.3 |
|---|---|
| Cipher suite | TLS_AES_256_GCM_SHA384 (256 bit) |
| Cipher version | TLSv1.3 |
| Perfect Forward Secrecy | Attention |
| Earliest chain expiry | 11.08.2026 04:26 |
Fingerprints
| SHA-256 | 39:4E:52:B3:07:11:21:FB:6F:29:77:03:7F:A3:84:7B:D1:64:6D:FB:E4:A4:7F:1B:8A:48:73:AF:A3:01:32:B4 |
|---|---|
| SHA-1 | 1B:F0:0F:0C:67:E8:87:48:EA:2C:25:70:9F:CC:3B:1C:1A:23:8B:4B |
Revocation
Trust evaluation
Attempted: Yes
Trusted: Yes
OpenSSL diagnostic command
openssl s_client -connect promocaooficinadossonhos.com.br:443 -servername promocaooficinadossonhos.com.br
Result Detail
WAFReal WAF results become available after signing up. Until then we show you a small teaser from the imagination department.
- Shield level Mythisch
- Watchers Gremlins im Standby
- Last attack Story folgt nach Registrierung