This scan was made by Website Security Scanner at webscanner.unofix.no

81/100
Can be improved

Scanned URL: eafa.nav.gov.hu

2026-02-09 12:50:55
πŸ›‘οΈ
Security Headers
40
πŸ”’
SSL / HTTPS
100
πŸͺ
Cookies
70
πŸ“‚
Exposed Files
100
πŸ–₯️
Server Info
100
❌ Security Headers 40%

Security headers are HTTP response headers that tell the browser how to handle a website’s content in a secure way.

3 of 8 recommended security headers found (40% score)

Header Status Value Description
X-Frame-Options βœ… SAMEORIGIN Protects against clickjacking attacks. Hackers can load your page in an invisible iframe and trick users into clicking buttons they cannot see (e.g. "Transfer money"). Value: SAMEORIGIN. Assessment: Good.
X-Content-Type-Options βœ… nosniff Prevents MIME-sniffing. A malicious file pretending to be an image can be executed as JavaScript and steal user data. Value: nosniff. Assessment: Good.
Strict-Transport-Security βœ… max-age=31536000; includeSubDomains; preload Enforces HTTPS usage (HSTS). Without HTTPS, attackers on the same WiFi network can intercept all communication and steal passwords in plain text. Value: max-age=31536000; includeSubDomains; preload. Assessment: Good.
Content-Security-Policy ❌ Not set Controls which resources can be loaded. Malicious scripts from third parties can run on your page and steal user data or spread malware. Status: Not set.
Referrer-Policy ❌ Not set Controls what referrer information is sent. Sensitive URLs (e.g. /reset-password?token=abc123) can leak to third parties via analytics or ads. Status: Not set.
Permissions-Policy ❌ Not set Controls access to browser features (camera, microphone, GPS). Malicious code or third-party scripts can secretly activate camera/microphone and spy on the user. Status: Not set.
Cross-Origin-Opener-Policy ❌ Not set Isolates your window from cross-origin windows. A malicious popup window can read data from your page via window.opener and steal sensitive information. Status: Not set.
Cross-Origin-Resource-Policy ❌ Not set Controls who can load your resources. Other websites can steal bandwidth by hotlinking to your images, or read pixel data from cross-origin images. Status: Not set.
βœ… Exposed Files & Information Disclosure 100%

No exposed files or directories found. Checked 49 file locations and 6 directories.

βœ… SSL/TLS Security 100%

Valid SSL certificate from trusted Certificate Authority. Certificate expires in 378 days.

πŸ“œ SSL Certificate Information
Status βœ… Valid
Issued To *.nav.gov.hu
Issued By e-Szigno SSL CA 2014
Valid Until 2027-02-22 14:13:11
Days Until Expiry 378 days
⚠️ Cookie Security 70%

1 of 1 cookie(s) are missing recommended security flags (70% score)

Cookie Name Security Flags Score Risk Issues
NAVHVR
!yUw...Zg==
πŸ”’ SecureπŸ›‘οΈ HttpOnly❌ SameSite
 70% 🟑 MEDIUM
  • Missing SameSite flag - Vulnerable to CSRF attacks
  • ℹ️ Session cookie (expires when browser closes)
  • Cookie sent to all paths (/) - Consider narrower scope if possible
βœ… Server Information Disclosure 100%

Server information is properly hidden. No version disclosure detected.

Header Status Value Risk
Server βœ… Hidden Not present Header not present (good - no information disclosure)
X-Powered-By βœ… Hidden Not present Header not present (good - no information disclosure)
X-AspNet-Version βœ… Hidden Not present Header not present (good - no information disclosure)
X-AspNetMvc-Version βœ… Hidden Not present Header not present (good - no information disclosure)
X-Generator βœ… Hidden Not present Header not present (good - no information disclosure)
🏠 Scan Another Website