Welcome - WAFDOG

Check Detail

heathrow.com · DNS

Passed Grade A

100.0%

Hostname	heathrow.com
Check name	DNS
last run	12/12/2025 09:48
Result	Passed Grade B 88.5%

Result Detail

DNS

Host	Type	Answer	TTL
		20.123.127.245	—
		20.101.251.73	—

Result Detail

HEADER

Alerts

Strict-Transport-Security: HSTS active but consider preload
Cross-Origin-Opener-Policy: Header missing
Cross-Origin-Embedder-Policy: Header missing
Cross-Origin-Resource-Policy: Header missing
Expect-CT: Expect-CT missing
X-Permitted-Cross-Domain-Policies: Header missing
Access-Control-Allow-Origin: Access-Control-Allow-Origin missing
Origin-Agent-Cluster: Header missing

Normalized headers

date	Fri, 12 Dec 2025 08:48:54 GMT
content-type	text/html;charset=utf-8
content-length	1150860
service-worker-allowed	/
x-frame-options	SAMEORIGIN
strict-transport-security	max-age=63072000; includeSubdomains;
permissions-policy	fullscreen=(self "https://www.youtube-nocookie.com"), microphone=(), camera=()
x-dispatcher	dispatcher3euwest2-b80
x-vhost	publish
x-content-type-options	nosniff
x-xss-protection	1; mode=block
content-security-policy	frame-ancestors 'self';; frame-ancestors 'self';
referrer-policy	strict-origin-when-cross-origin
vary	Accept-Encoding,User-Agent
x-cache	TCP_MISS
via	1.1 5321ce1f67b98139d1f43997aea9b44a.cloudfront.net (CloudFront)
x-amz-cf-pop	CDG50-P1
x-amz-cf-id	2V3l4hHpLF0CAmeyqHcAoguEeHchhEjdd0sdIVw01DYX2cBGWDYRbw==
x-azure-ref	20251212T084854Z-185d974d666h7gj4hC1FRAfzk800000006gg000000009twn
cache-control	public, max-age=300
x-fd-int-roxy-purgeid	0
accept-ranges	bytes

Transport

Check name	Status	Actual	Expected	Detail	Severity	Recommendation
Strict-Transport-Security	⚠️ Warning	max-age=63072000; includeSubdomains;	max-age>=15768000; includeSubDomains; preload	HSTS active but consider preload	Critical	Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Expect-CT	❌ Missing		enforce; max-age>=86400	Expect-CT missing	Medium	Expect-CT: enforce, max-age=86400, report-uri="https://report.example.com"

Content Security

Check name	Status	Actual	Expected	Detail	Severity	Recommendation
Content-Security-Policy	✅ Passed	frame-ancestors 'self';; frame-ancestors 'self';	default-src 'self'; frame-ancestors 'none'	default-src 'self'; frame-ancestors 'none'	Critical	Content-Security-Policy: default-src 'self'; frame-ancestors 'none'

MIME

Check name	Status	Actual	Expected	Detail	Severity	Recommendation
X-Content-Type-Options	✅ Passed	nosniff	nosniff	Value matches recommendation	High	X-Content-Type-Options: nosniff

Framing

Check name	Status	Actual	Expected	Detail	Severity	Recommendation
X-Frame-Options	✅ Passed	SAMEORIGIN	DENY or SAMEORIGIN	Value accepted	High	X-Frame-Options: DENY

Privacy

Check name	Status	Actual	Expected	Detail	Severity	Recommendation
Referrer-Policy	✅ Passed	strict-origin-when-cross-origin	strict-origin-when-cross-origin / same-origin	strict-origin-when-cross-origin	Medium	Referrer-Policy: strict-origin-when-cross-origin

Browser Features

Check name	Status	Actual	Expected	Detail	Severity	Recommendation
Permissions-Policy	✅ Passed	fullscreen=(self "https://www.youtube-nocookie.com"), microphone=(), camera=()	camera=(); geolocation=(); microphone=()	camera=(); geolocation=(); microphone=()	Medium	Permissions-Policy: camera=(), geolocation=(), microphone=()

Cross-Origin

Check name	Status	Expected	Detail	Severity	Recommendation
Cross-Origin-Opener-Policy	❌ Missing	same-origin	Header missing	High	Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy	❌ Missing	require-corp	Header missing	High	Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Resource-Policy	❌ Missing	same-origin	Header missing	Medium	Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster	❌ Missing	?1	Header missing	Low	Origin-Agent-Cluster: ?1

Caching

Check name	Status	Actual	Expected	Detail	Severity	Recommendation
Cache-Control	✅ Passed	public, max-age=300	no-store, private, max-age=0	no-store, private, max-age=0	High	Cache-Control: no-store, private, max-age=0

Legacy

Check name	Status	Actual	Expected	Detail	Severity	Recommendation
X-Permitted-Cross-Domain-Policies	❌ Missing		none	Header missing	Low	X-Permitted-Cross-Domain-Policies: none

CORS

Check name	Status	Actual	Expected	Detail	Severity	Recommendation
Access-Control-Allow-Origin	❌ Missing		Scoped origin (no wildcard)	Access-Control-Allow-Origin missing	Medium	Access-Control-Allow-Origin: https://app.example.com

Information Disclosure

Check name	Status	Expected	Detail	Severity	Recommendation
Server	✅ Passed	Header removed or generic	Header not exposed	High	Remove Server header or set to a generic token
X-Powered-By	✅ Passed	Header removed	Header not exposed	High	Remove X-Powered-By header
X-AspNet-Version	✅ Passed	Header removed	Header not exposed	Medium	Remove framework version headers

Raw headers

HTTP/2 200 
date: Fri, 12 Dec 2025 08:48:54 GMT
content-type: text/html;charset=utf-8
content-length: 1150860
service-worker-allowed: /
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubdomains;
permissions-policy: fullscreen=(self "https://www.youtube-nocookie.com"), microphone=(), camera=()
x-dispatcher: dispatcher3euwest2-b80
x-vhost: publish
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: frame-ancestors 'self';
content-security-policy: frame-ancestors 'self';
referrer-policy: strict-origin-when-cross-origin
vary: Accept-Encoding,User-Agent
x-cache: TCP_MISS
via: 1.1 5321ce1f67b98139d1f43997aea9b44a.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P1
x-amz-cf-id: 2V3l4hHpLF0CAmeyqHcAoguEeHchhEjdd0sdIVw01DYX2cBGWDYRbw==
x-azure-ref: 20251212T084854Z-185d974d666h7gj4hC1FRAfzk800000006gg000000009twn
cache-control: public, max-age=300
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes

Result Detail

SSL

Check name	Status	Value
certificate chain is complete	✅ Passed	4
root CA is trusted	✅ Passed	Trusted
cert valid for	✅ Passed	240
chain certs are valid until	✅ Passed	09.08.2026
CN matches Domainname	✅ Passed	heathrow.com
certificate subject	✅ Passed	C=GB, L=Hounslow, O=Heathrow Airport Holdings Limited, CN=www.heathrow.com
certificate issuer	✅ Passed	C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
signature algorithm	✅ Passed	RSA-SHA256
TLS protocol	✅ Passed	TLSv1.3 TLS_AES_256_GCM_SHA384
Subject Alternative Names	✅ Passed	heathrow.com, www.heathrow.com
Public Key	✅ Passed	RSA 2048

Certificate chain

#	Common name	Issuer	Valid until	CA
0	www.heathrow.com	C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1	09.08.2026 01:59:59	No
1	www.heathrow.com	C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1	09.08.2026 01:59:59	No
2	DigiCert Global G2 TLS RSA SHA256 2020 CA1	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2	30.03.2031 00:59:59	Yes
3	DigiCert Global Root G2	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2	15.01.2038 13:00:00	Yes

TLS details

Negotiated protocol	TLSv1.3
Cipher suite	TLS_AES_256_GCM_SHA384 (256 bit)
Cipher version	TLSv1.3
Perfect Forward Secrecy	Attention
Earliest chain expiry	09.08.2026 01:59

Fingerprints

SHA-256	`58:9D:C9:AC:29:76:CD:87:4C:D8:E0:69:F4:17:2A:53:DA:F7:72:6F:ED:67:D0:4B:3F:AC:AA:0B:BE:E9:C8:6A`
SHA-1	`3F:8F:8E:5B:93:A7:8F:01:DF:CD:61:B7:D4:47:15:BD:2C:A3:9D:2A`

Revocation

OCSP URLs

http://ocsp.digicert.com

CRL URLs

Full Name: URI:http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl Full Name: URI:http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl

Issuer URLs (AIA)

http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt

OCSP Must-Staple No

Trust evaluation

Attempted: Yes

Trusted: Yes

OpenSSL diagnostic command

openssl s_client -connect heathrow.com:443 -servername heathrow.com

Result Detail

WAF

Ownership verification required

Real WAF results become available after signing up. Until then we show you a small teaser from the imagination department.

Shield level Mythisch
Watchers Gremlins im Standby
Last attack Story folgt nach Registrierung