See: https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fgarlanca.com
Error from Cloudfront: https://aw-snap.info/file-viewer/?protocol=secure&tgt=garlanca.com%2F&ref_sel=GSP2&ua_sel=ff&fs=1
Vulnerabilities: https://app.upguard.com/webscan#/garlanca.com

From a scan at first glance:
CSTAR Score
642
Security Checks for -garlanca.com
(5) Domain at risk of being hijacked
Domain registrar deletion protection not enabled
Domain registrar update protection not enabled
Domain registry deletion protection not enabled
Domain registry transfer protection not enabled
Domain registry update protection not enabled
Vulnerabilities can be uncovered more easily
X-Powered-By header exposed
(4) Susceptible to man-in-the-middle attacks
HTTP Strict Transport Security (HSTS) not enforced
HSTS header does not contain max-age
HSTS header does not contain includeSubDomains
HSTS header not prepared for preload list inclusion
(2) Emails can be fraudulently sent
SPF not enabled
DMARC not enabled
DNS is susceptible to man-in-the-middle attacks
DNSSEC not enabled

strict-transport-security: 2 errors
ERROR
‘strict-transport-security’ header was not specified
-https://garlanca.com/
ERROR
‘strict-transport-security’ header was not specified
-https://garlanca.com/favicon.ico
no-disallowed-headers: 1 error
‘x-powered-by’ header is disallowed
-https://garlanca.com/

See what “talked” to this domain: https://urlscan.io/domain/garlanca.com
Miss from cloudfront - a 403 returned no content.

polonus