redprobe-ai.polsia.app
Scanned May 18, 2026 at 9:37 PM
SECURITY GRADE: C
Needs attention — significant gaps.
0 Critical
2 High
4 Medium
5 Low
0 Info
Findings (11)
high
Missing Header: HSTS
Missing HSTS — browsers not forced to use HTTPS, enabling downgrade attacks.
Category: HTTP Headers
high
Missing Header: Content-Security-Policy
No CSP — XSS attacks have no browser-level mitigation.
Category: HTTP Headers
medium
Open Port: 8080 (HTTP-Alt)
Alternate HTTP port open — may expose admin panels or dev services.
Category: Ports
medium
Open Port: 8443 (HTTPS-Alt)
Alternate HTTPS port — verify what service is exposed.
Category: Ports
medium
Missing Header: X-Frame-Options
Missing X-Frame-Options — site may be vulnerable to clickjacking attacks.
Category: HTTP Headers
medium
Missing Header: X-Content-Type-Options
Missing X-Content-Type-Options — browser may MIME-sniff responses.
Category: HTTP Headers
low
Open Port: 80 (HTTP)
Unencrypted HTTP — ensure redirect to HTTPS is in place.
Category: Ports
low
Missing Header: X-XSS-Protection
Missing legacy XSS protection header (low impact on modern browsers).
Category: HTTP Headers
low
Missing Header: Referrer-Policy
Missing Referrer-Policy — sensitive URL parameters may leak to third parties.
Category: HTTP Headers
low
Missing Header: Permissions-Policy
No Permissions-Policy — camera/mic/geolocation access not explicitly restricted.
Category: HTTP Headers
low
Technology Fingerprint Exposed
X-Powered-By header reveals: "Express". Remove this header to reduce attack surface.
Category: HTTP Headers
Reconnaissance Details
SSL / TLS
valid: yes
expires in: 89 days
subject: redprobe-ai.polsia.app
issuer: Google Trust Services
Open Ports (4)
DNS Records
A
CNAME
Exposed Paths
status: none found
This report was generated by Redprobe on May 18, 2026. Results reflect passive reconnaissance and simulation only — no exploit code was executed. Always verify findings in your specific environment.