Hi w.post,
Some DNS issues here: http://www.dnsinspect.com/qassa.com/1416843383
Header Security Issues found (take up with hoster):
X-Frame-Options
X-Frame-Options does not appear to be found in the site’s HTTP header, increasing the likelihood of successful clickjacking attacks.
Strict-Transport-Security
Strict-Transport-Security does not appear to be found in the site’s HTTP header, so browsers will not try to access your pages over SSL first.
Nosniff
nosniff does not appear to be found in the site’s HTTP header, allowing Internet Explorer the opportunity to deliver malicious content via data that it has incorrectly identified to be of a certain MIME type.
X-XSS-Protection
We didn’t detect any mention of X-XSS-Protection in headers anywhere, so there’s likely room to improve if we want to be as secure as possible against cross-site scripting.
Content Security Policy
We did not detect Content-Security-Policy, x-webkit-csp, or even x-webkit-csp-report-only in the site’s HTTP header, making XSS attacks more likely to succeed.
UTF-8 Character Encoding
utf-8 doesn’t appear to be declared in this site’s HTTP header, increasing the likelihood that malicious character conversion could happen. Maybe it is declared in the actual HTML on the site’s pages. We hope so.
Server Information
Server: was found in this site’s HTTP header, possibly making it easier for attackers to know about potential vulnerabilities that may exist on your site!
Cross Domain Meta Policy
Permitted-Cross-Domain-Policies does not appear to be found in the site’s HTTP header, so it’s possible that cross domain policies can be set by other users on your site and be obeyed by Adobe Flash and PDF files…
For recommendations scan here: http://cyh.herokuapp.com/cyh
Code hiccup (extended run-time): wXw.qassa.com/javascript/jquery-1.4.2.min.js benign
[nothing detected] (script) wXw.qassa.com/javascript/jquery-1.4.2.min.js
status: (referer=wXw.qassa.com/)saved 72174 bytes 65cbff4e9d95d47a6f31d96ab4ea361c1f538a7b
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious:
Website Security Check gave:
On iFrame Check:
Suspicious content.php?p=global&c=global&l=en_gb&s=qassa’
On Javascript Check:
Suspicious