Guest session
Check Detail

promocaooficinadossonhos.com.br · DNS

Passed Grade A
100.0%
Hostname promocaooficinadossonhos.com.br
Check name DNS
last run 01/07/2026 10:39
Result
Incomplete Grade C 73.1%

Result Detail

DNS
Host Type Answer TTL
13.94.141.164

Result Detail

HEADER
Alerts
  • Strict-Transport-Security: Strict-Transport-Security missing
  • Content-Security-Policy: Content-Security-Policy missing
  • X-Content-Type-Options: Header missing
  • X-Frame-Options: Header missing
  • Referrer-Policy: Header missing
  • Permissions-Policy: Permissions-Policy missing
  • Cross-Origin-Opener-Policy: Header missing
  • Cross-Origin-Embedder-Policy: Header missing
  • Cross-Origin-Resource-Policy: Header missing
  • Cache-Control: Cache-Control missing restrictive directives
  • Expect-CT: Expect-CT missing
  • X-Permitted-Cross-Domain-Policies: Header missing
  • Access-Control-Allow-Origin: Access-Control-Allow-Origin missing
  • Origin-Agent-Cluster: Header missing
Normalized headers
date Wed, 01 Jul 2026 08:39:28 GMT
content-type text/html
content-length 162
connection keep-alive
location https://www.promocaobosch.com.br/
Transport
Check name Status Actual Expected Detail Severity Recommendation
Strict-Transport-Security ❌ Missing max-age>=15768000; includeSubDomains; preload Strict-Transport-Security missing Critical Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Expect-CT ❌ Missing enforce; max-age>=86400 Expect-CT missing Medium Expect-CT: enforce, max-age=86400, report-uri="https://report.example.com"
Content Security
Check name Status Actual Expected Detail Severity Recommendation
Content-Security-Policy ❌ Missing default-src 'self'; frame-ancestors 'none' Content-Security-Policy missing Critical Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
MIME
Check name Status Actual Expected Detail Severity Recommendation
X-Content-Type-Options ❌ Missing nosniff Header missing High X-Content-Type-Options: nosniff
Framing
Check name Status Actual Expected Detail Severity Recommendation
X-Frame-Options ❌ Missing DENY or SAMEORIGIN Header missing High X-Frame-Options: DENY
Privacy
Check name Status Actual Expected Detail Severity Recommendation
Referrer-Policy ❌ Missing strict-origin-when-cross-origin / same-origin Header missing Medium Referrer-Policy: strict-origin-when-cross-origin
Browser Features
Check name Status Actual Expected Detail Severity Recommendation
Permissions-Policy ❌ Missing camera=(); geolocation=(); microphone=() Permissions-Policy missing Medium Permissions-Policy: camera=(), geolocation=(), microphone=()
Cross-Origin
Check name Status Actual Expected Detail Severity Recommendation
Cross-Origin-Opener-Policy ❌ Missing same-origin Header missing High Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy ❌ Missing require-corp Header missing High Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Resource-Policy ❌ Missing same-origin Header missing Medium Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster ❌ Missing ?1 Header missing Low Origin-Agent-Cluster: ?1
Caching
Check name Status Actual Expected Detail Severity Recommendation
Cache-Control ❌ Missing no-store, private, max-age=0 Cache-Control missing restrictive directives High Cache-Control: no-store, private, max-age=0
Legacy
Check name Status Actual Expected Detail Severity Recommendation
X-Permitted-Cross-Domain-Policies ❌ Missing none Header missing Low X-Permitted-Cross-Domain-Policies: none
CORS
Check name Status Actual Expected Detail Severity Recommendation
Access-Control-Allow-Origin ❌ Missing Scoped origin (no wildcard) Access-Control-Allow-Origin missing Medium Access-Control-Allow-Origin: https://app.example.com
Information Disclosure
Check name Status Actual Expected Detail Severity Recommendation
Server ✅ Passed Header removed or generic Header not exposed High Remove Server header or set to a generic token
X-Powered-By ✅ Passed Header removed Header not exposed High Remove X-Powered-By header
X-AspNet-Version ✅ Passed Header removed Header not exposed Medium Remove framework version headers
Raw headers
HTTP/1.1 301 Moved Permanently
Date: Wed, 01 Jul 2026 08:39:28 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.promocaobosch.com.br/

Result Detail

SSL
Check name Status Value
certificate chain is complete ✅ Passed 3
root CA is trusted ✅ Passed Trusted
cert valid for ✅ Passed 41
chain certs are valid until ✅ Passed 11.08.2026
CN matches Domainname ✅ Passed promocaooficinadossonhos.com.br
certificate subject ✅ Passed CN=promocaooficinadossonhos.com.br
certificate issuer ✅ Passed C=US, O=Let's Encrypt, CN=R12
signature algorithm ✅ Passed RSA-SHA256
TLS protocol ✅ Passed TLSv1.3 TLS_AES_256_GCM_SHA384
Subject Alternative Names ✅ Passed promocaooficinadossonhos.com.br, www.promocaooficinadossonhos.com.br
Public Key ✅ Passed RSA 2048
Certificate chain
# Common name Issuer Valid until CA
0 promocaooficinadossonhos.com.br C=US, O=Let's Encrypt, CN=R12 11.08.2026 04:26:02 No
1 promocaooficinadossonhos.com.br C=US, O=Let's Encrypt, CN=R12 11.08.2026 04:26:02 No
2 R12 C=US, O=Internet Security Research Group, CN=ISRG Root X1 13.03.2027 00:59:59 Yes
TLS details
Negotiated protocol TLSv1.3
Cipher suite TLS_AES_256_GCM_SHA384 (256 bit)
Cipher version TLSv1.3
Perfect Forward Secrecy Attention
Earliest chain expiry 11.08.2026 04:26
Fingerprints
SHA-256 39:4E:52:B3:07:11:21:FB:6F:29:77:03:7F:A3:84:7B:D1:64:6D:FB:E4:A4:7F:1B:8A:48:73:AF:A3:01:32:B4
SHA-1 1B:F0:0F:0C:67:E8:87:48:EA:2C:25:70:9F:CC:3B:1C:1A:23:8B:4B
Revocation
OCSP URLs
CRL URLs
Full Name: URI:http://r12.c.lencr.org/59.crl
Issuer URLs (AIA)
http://r12.i.lencr.org/
OCSP Must-Staple No
Trust evaluation

Attempted: Yes

Trusted: Yes

OpenSSL diagnostic command
openssl s_client -connect promocaooficinadossonhos.com.br:443 -servername promocaooficinadossonhos.com.br

Result Detail

WAF
Sign up to use!
Ownership verification required

Real WAF results become available after signing up. Until then we show you a small teaser from the imagination department.

  • Shield level Mythisch
  • Watchers Gremlins im Standby
  • Last attack Story folgt nach Registrierung