Guest session
Check Detail

previ.bosch.com.br · DNS

Passed Grade A
100.0%
Hostname previ.bosch.com.br
Check name DNS
last run 01/07/2026 10:01
Result
Incomplete Grade C 67.9%

Result Detail

DNS
Host Type Answer TTL
170.245.134.249

Result Detail

HEADER
Alerts
  • Strict-Transport-Security: Strict-Transport-Security missing
  • Content-Security-Policy: Content-Security-Policy missing
  • X-Content-Type-Options: Header missing
  • X-Frame-Options: Header missing
  • Referrer-Policy: Header missing
  • Permissions-Policy: Permissions-Policy missing
  • Cross-Origin-Opener-Policy: Header missing
  • Cross-Origin-Embedder-Policy: Header missing
  • Cross-Origin-Resource-Policy: Header missing
  • Cache-Control: Cache-Control missing restrictive directives
  • Expect-CT: Expect-CT missing
  • X-Permitted-Cross-Domain-Policies: Header missing
  • Access-Control-Allow-Origin: Access-Control-Allow-Origin missing
  • Server: Sensitive header exposed
  • X-Powered-By: Sensitive header exposed
  • Origin-Agent-Cluster: Header missing
Normalized headers
content-length 166
content-type text/html
last-modified Wed, 25 Sep 2024 12:53:27 GMT
accept-ranges bytes
etag "f3d072ea49fdb1:0"
server Microsoft-IIS/10.0
x-powered-by ASP.NET
date Wed, 01 Jul 2026 08:01:30 GMT
Transport
Check name Status Actual Expected Detail Severity Recommendation
Strict-Transport-Security ❌ Missing max-age>=15768000; includeSubDomains; preload Strict-Transport-Security missing Critical Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Expect-CT ❌ Missing enforce; max-age>=86400 Expect-CT missing Medium Expect-CT: enforce, max-age=86400, report-uri="https://report.example.com"
Content Security
Check name Status Actual Expected Detail Severity Recommendation
Content-Security-Policy ❌ Missing default-src 'self'; frame-ancestors 'none' Content-Security-Policy missing Critical Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
MIME
Check name Status Actual Expected Detail Severity Recommendation
X-Content-Type-Options ❌ Missing nosniff Header missing High X-Content-Type-Options: nosniff
Framing
Check name Status Actual Expected Detail Severity Recommendation
X-Frame-Options ❌ Missing DENY or SAMEORIGIN Header missing High X-Frame-Options: DENY
Privacy
Check name Status Actual Expected Detail Severity Recommendation
Referrer-Policy ❌ Missing strict-origin-when-cross-origin / same-origin Header missing Medium Referrer-Policy: strict-origin-when-cross-origin
Browser Features
Check name Status Actual Expected Detail Severity Recommendation
Permissions-Policy ❌ Missing camera=(); geolocation=(); microphone=() Permissions-Policy missing Medium Permissions-Policy: camera=(), geolocation=(), microphone=()
Cross-Origin
Check name Status Actual Expected Detail Severity Recommendation
Cross-Origin-Opener-Policy ❌ Missing same-origin Header missing High Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy ❌ Missing require-corp Header missing High Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Resource-Policy ❌ Missing same-origin Header missing Medium Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster ❌ Missing ?1 Header missing Low Origin-Agent-Cluster: ?1
Caching
Check name Status Actual Expected Detail Severity Recommendation
Cache-Control ❌ Missing no-store, private, max-age=0 Cache-Control missing restrictive directives High Cache-Control: no-store, private, max-age=0
Legacy
Check name Status Actual Expected Detail Severity Recommendation
X-Permitted-Cross-Domain-Policies ❌ Missing none Header missing Low X-Permitted-Cross-Domain-Policies: none
CORS
Check name Status Actual Expected Detail Severity Recommendation
Access-Control-Allow-Origin ❌ Missing Scoped origin (no wildcard) Access-Control-Allow-Origin missing Medium Access-Control-Allow-Origin: https://app.example.com
Information Disclosure
Check name Status Actual Expected Detail Severity Recommendation
Server ❌ Missing Microsoft-IIS/10.0 Header removed or generic Sensitive header exposed High Remove Server header or set to a generic token
X-Powered-By ❌ Missing ASP.NET Header removed Sensitive header exposed High Remove X-Powered-By header
X-AspNet-Version ✅ Passed Header removed Header not exposed Medium Remove framework version headers
Raw headers
HTTP/2 200 
content-length: 166
content-type: text/html
last-modified: Wed, 25 Sep 2024 12:53:27 GMT
accept-ranges: bytes
etag: "f3d072ea49fdb1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 01 Jul 2026 08:01:30 GMT

Result Detail

SSL
Check name Status Value
certificate chain is complete ✅ Passed 3
root CA is trusted ✅ Passed Trusted
cert valid for ✅ Passed 198
chain certs are valid until ✅ Passed 15.01.2027
CN matches Domainname ✅ Passed previ.bosch.com.br
certificate subject ✅ Passed C=DE, ST=Baden-Württemberg, L=Gerlingen, O=Robert Bosch GmbH, CN=previ.bosch.com.br
certificate issuer ✅ Passed C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
signature algorithm ✅ Passed RSA-SHA256
TLS protocol ✅ Passed TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Subject Alternative Names ✅ Passed previ.bosch.com.br
Public Key ✅ Passed RSA 2048
Certificate chain
# Common name Issuer Valid until CA
0 previ.bosch.com.br C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 15.01.2027 00:59:59 No
1 previ.bosch.com.br C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 15.01.2027 00:59:59 No
2 DigiCert Global G2 TLS RSA SHA256 2020 CA1 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 30.03.2031 00:59:59 Yes
TLS details
Negotiated protocol TLSv1.2
Cipher suite ECDHE-RSA-AES256-GCM-SHA384 (256 bit)
Cipher version TLSv1.2
Perfect Forward Secrecy OK
Earliest chain expiry 15.01.2027 00:59
Fingerprints
SHA-256 0F:F9:6D:74:73:81:B5:CD:A6:A1:53:FC:2A:61:21:D5:B4:9C:EB:5E:70:4F:BD:0E:CC:4E:40:C2:13:2A:46:F1
SHA-1 0A:85:DC:C7:41:34:4C:58:31:0E:26:FB:6E:31:34:8A:1C:A3:7D:D4
Revocation
OCSP URLs
http://ocsp.digicert.com
CRL URLs
Full Name: URI:http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl Full Name: URI:http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
Issuer URLs (AIA)
http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt
OCSP Must-Staple No
Trust evaluation

Attempted: Yes

Trusted: Yes

OpenSSL diagnostic command
openssl s_client -connect previ.bosch.com.br:443 -servername previ.bosch.com.br

Result Detail

WAF
Sign up to use!
Ownership verification required

Real WAF results become available after signing up. Until then we show you a small teaser from the imagination department.

  • Shield level Mythisch
  • Watchers Gremlins im Standby
  • Last attack Story folgt nach Registrierung