-searchencrypted com → https://sitecheck.sucuri.net/results/searchencrypted.com (all green)
The site could not be contacted (DNS or generic network issues)
The site uses insecure TLS (weak ciphers e.g.)
The site requires HTTP authentication → https://ipinfo.io/44.198.143.83 POP 443 alert by MBAM.
Hardening proposals; Protection
No website application firewall detected. Please install a cloud-based WAF to prevent website hacks and DDoS attacks.
Security Headers
Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors ‘none’. Affected pages:
-http://searchencrypted.com/404javascript.js
-https://www.searchencrypted.com/about/
-https://www.searchencrypted.com/about/contact
-https://www.searchencrypted.com/about/faq
-https://www.searchencrypted.com/errors/notfound
-https://www.searchencrypted.com/legal/privacy
-https://www.searchencrypted.com/legal/siteprivacy
-https://www.searchencrypted.com/legal/siteterms
Missing security header to prevent Content Type sniffing.
Missing Strict-Transport-Security security header.
Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src. Affected pages:
-http://searchencrypted.com/404javascript.js
-https://www.searchencrypted.com/about/
-https://www.searchencrypted.com/about/contact
-https://www.searchencrypted.com/about/faq
-https://www.searchencrypted.com/errors/notfound
-https://www.searchencrypted.com/legal/privacy
-https://www.searchencrypted.com/legal/siteprivacy
-https://www.searchencrypted.com/legal/siteterms
The ‘unsafe-eval’ keyword in Content-Security-Policy is not recommended. Please consider fixing the JavaScript code.
Default server banners displayed. Your site is displaying your web server default banners. Affected pages:
-http://searchencrypted.com/404javascript.js
-https://www.searchencrypted.com/Scripts/inline/conditional/Typeahead.js (source: Sucuri’s)
polonus