This scan was made by Website Security Scanner at webscanner.unofix.no

69/100
Can be improved

Scanned URL: forum.wordreference.com

2026-02-20 13:47:36
πŸ›‘οΈ
Security Headers
20
πŸ”’
SSL / HTTPS
100
πŸͺ
Cookies
25
πŸ“‚
Exposed Files
100
πŸ–₯️
Server Info
100
❌ Security Headers 20%

Security headers are HTTP response headers that tell the browser how to handle a website’s content in a secure way.

2 of 8 recommended security headers found (20% score)

Header Status Value Description
X-Frame-Options βœ… SAMEORIGIN Protects against clickjacking attacks. Hackers can load your page in an invisible iframe and trick users into clicking buttons they cannot see (e.g. "Transfer money"). Value: SAMEORIGIN. Assessment: Good.
X-Content-Type-Options βœ… nosniff Prevents MIME-sniffing. A malicious file pretending to be an image can be executed as JavaScript and steal user data. Value: nosniff. Assessment: Good.
Strict-Transport-Security ❌ Not set Enforces HTTPS usage (HSTS). Without HTTPS, attackers on the same WiFi network can intercept all communication and steal passwords in plain text. Status: Not set.
Content-Security-Policy ❌ Not set Controls which resources can be loaded. Malicious scripts from third parties can run on your page and steal user data or spread malware. Status: Not set.
Referrer-Policy ❌ Not set Controls what referrer information is sent. Sensitive URLs (e.g. /reset-password?token=abc123) can leak to third parties via analytics or ads. Status: Not set.
Permissions-Policy ❌ Not set Controls access to browser features (camera, microphone, GPS). Malicious code or third-party scripts can secretly activate camera/microphone and spy on the user. Status: Not set.
Cross-Origin-Opener-Policy ❌ Not set Isolates your window from cross-origin windows. A malicious popup window can read data from your page via window.opener and steal sensitive information. Status: Not set.
Cross-Origin-Resource-Policy ❌ Not set Controls who can load your resources. Other websites can steal bandwidth by hotlinking to your images, or read pixel data from cross-origin images. Status: Not set.
βœ… Exposed Files & Information Disclosure 100%

No exposed files or directories found. Checked 49 file locations and 6 directories.

βœ… SSL/TLS Security 100%

Valid SSL certificate from trusted Certificate Authority. Certificate expires in 31 days.

πŸ“œ SSL Certificate Information
Status βœ… Valid
Issued To *.wordreference.com
Issued By E7
Valid Until 2026-03-23 08:31:13
Days Until Expiry 31 days
❌ Cookie Security 25%

1 of 1 cookie(s) have CRITICAL security issues (25% score) - Immediate action required!

Cookie Name Security Flags Score Risk Issues
xf_csrf
844a...9cTz
πŸ”’ Secure❌ HttpOnly❌ SameSite
 35% πŸ”΄ HIGH
  • Missing HttpOnly flag - Cookie can be stolen via XSS attacks
  • Missing SameSite flag - Vulnerable to CSRF attacks
  • ℹ️ Session cookie (expires when browser closes)
  • +2 more issue(s)
βœ… Server Information Disclosure 100%

1 server information header(s) disclosed. Consider hiding these to reduce attack surface.

Header Status Value Risk
Server ❌ Exposed nginx Server software disclosed (nginx) but no version number. Consider hiding this header completely.
X-Powered-By βœ… Hidden Not present Header not present (good - no information disclosure)
X-AspNet-Version βœ… Hidden Not present Header not present (good - no information disclosure)
X-AspNetMvc-Version βœ… Hidden Not present Header not present (good - no information disclosure)
X-Generator βœ… Hidden Not present Header not present (good - no information disclosure)
🏠 Scan Another Website