Sample report for example.com
Illustrative only.
example.com was not actually scanned, and the findings below are examples of what a real report can contain. Specific checks and severities depend on your domain and the launch stage of the scanner. The emailed report is a safe summary: sensitive details are never shown publicly or sent in the clear. See how we classify severity for what High, Medium, and Low mean here.
Overall status: Medium risk
Top actions
- Fix the weak TLS configuration on the affected hosts.
- Move email authentication from monitoring (p=none) toward enforcement.
- Add the missing security headers (HSTS, CSP, X-Content-Type-Options).
- Review stale DNS records and remove what you no longer use.
Findings
Legacy cipher accepted
Severity: High
- Area: TLS · www.example.com
- Evidence: The server negotiated a TLS 1.0 connection using a 3DES cipher suite.
- Why it matters: Legacy protocols and suites are subject to known downgrade and decryption attacks, weakening the confidentiality of user traffic.
- Recommended fix: Disable TLS 1.0/1.1 and legacy suites; require TLS 1.2 or 1.3 with modern ciphers.
- Reference: How to check an SSL/TLS certificate
- Retest: Re-scan after reloading the server configuration.
DMARC policy not enforced
Severity: Medium
- Area: Email authentication · example.com
- Evidence: The record at `_dmarc.example.com` publishes `p=none`.
- Why it matters: Monitoring mode collects reports but does not ask receivers to quarantine or reject failing mail, so the visible domain remains spoofable.
- Recommended fix: Review aggregate reports, fix legitimate senders, then move to `p=quarantine` and later `p=reject`.
- Reference: How to fix a DMARC p=none finding
- Retest: Re-scan after the DNS change propagates.
Missing HSTS header
Severity: Medium
- Area: Security headers · www.example.com
- Evidence: No `Strict-Transport-Security` header was returned on the HTTPS response.
- Why it matters: Without HSTS, a first visit can be downgraded to HTTP and exposed to interception.
- Recommended fix: Add `Strict-Transport-Security: max-age=31536000; includeSubDomains` once HTTPS is stable.
- Reference: HTTP security headers explained
- Retest: Re-scan after the header is deployed.
Stale TXT records exposed
Severity: Low
- Area: DNS · example.com
- Evidence: Two TXT records point to verification tokens for services no longer in use.
- Why it matters: Forgotten records add noise and can reveal providers you used before; abandoned entries can become a takeover path.
- Recommended fix: Review your TXT records and remove what you no longer need.
- Reference: DNS records that affect your security
- Retest: Re-scan after cleaning up the records.
Checks performed
- DNS
- TLS
- Email authentication
- Security headers
- Exposed services
What is not included
- No login testing
- No password testing
- No exploit attempts
- No form submission