Website Security Audit
Website Security & TLS Audit
Report ID: CS-20260615-FDF79490
Report date: 2026-06-15
Target: clovitek.com
Standards referenced: OWASP Top 10, Mozilla Observatory header model, CVSS v3.1, CIS / NIST hardening guidance
Scope: Primary host, automated remote evaluation (no authenticated or internal access)
Methodology: Remote probes of TLS, HTTP security headers, public exposure, reputation and performance. Automated remote scanning can verify only externally observable signals; controls that require manual review are marked Not Tested rather than assumed to pass.
Prepared by: CloviScan — automated audit engine

This is an automated security audit, not a penetration test or compliance certification. Findings reflect signals observable from outside the target at scan time. Absence of a finding is not proof of security.

SECTION 2 · EXECUTIVE SUMMARY
Score: 78 / 100 · Grade B · Hardening needed
Findings by severity: 4 findings (2 Medium, 2 Low)

Automated scanning surfaced 4 findings.

Controls tested: 11 / 17
Critical + High: 0
Cert days left: 89
How this score was computed

Weighted 0–100 across: TLS certificate (25) · certificate validity (10) · HTTP security headers (30, weighted over HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) · public exposure probes (20) · reputation (20) · performance (15). Controls marked Not Tested are never counted as passing.

CHART · SECURITY POSTURE BY DOMAIN
[Radar chart: axes TLS, Headers, Exposure, Reputation, Performance]
Five-axis view of relative strength across TLS, Headers, Exposure, Reputation and Performance. Larger area is better. Axes derive from the real per-check results below.
SECTION 3 · SECURITY CONTROLS MATRIX
7 Pass · 4 Fail · 6 Not Tested

Controls marked Not Tested were not exercised by this automated remote scan and are shown for transparency — they are never counted as passing or failing.

TLS/Cert

Control | Status | Severity | OWASP | Source
Valid TLS certificate | Pass | – | A02 Cryptographic Failures | via TLS probe — issuer Google Trust Services, expires 2026-09-12
Certificate long-term validity | Pass | – | A02 Cryptographic Failures | via cert expiry check — 89 days remaining
Cipher suite & TLS version grade | Not Tested | – | A02 Cryptographic Failures | requires deeper / manual review

Headers

Control | Status | Severity | OWASP | Source
Strict-Transport-Security | Pass | – | A05 Security Misconfiguration | via header probe
Content-Security-Policy | Fail | Medium | A05 Security Misconfiguration | via header probe
X-Content-Type-Options | Pass | – | A05 Security Misconfiguration | via header probe
X-Frame-Options | Fail | Medium | A05 Security Misconfiguration | via header probe
Referrer-Policy | Fail | Low | A01 Broken Access Control | via header probe
Permissions-Policy | Fail | Low | A05 Security Misconfiguration | via header probe
Cookie flags (HttpOnly / Secure / SameSite) | Not Tested | – | A05 Security Misconfiguration | requires deeper / manual review
CORS policy (ACAO with credentials) | Not Tested | – | A05 Security Misconfiguration | requires deeper / manual review

Exposure

Control | Status | Severity | OWASP | Source
Public file/path exposure | Pass | – | A05 Security Misconfiguration | via 9 exposure probes
Mixed-content (HTTP subresources on HTTPS) | Not Tested | – | A02 Cryptographic Failures | requires deeper / manual review
Dependency CVE / outdated component scan | Not Tested | – | A06 Vulnerable & Outdated Components | requires deeper / manual review

Reputation

Control | Status | Severity | OWASP | Source
Malware / reputation | Pass | – | A08 Software & Data Integrity Failures | via safe-browsing lookup

DNS

Control | Status | Severity | OWASP | Source
DNS records present | Pass | Info | – | A:2 MX:1 SPF:yes
DMARC / DKIM email-auth grading | Not Tested | – | A07 Identification & Authentication Failures | requires deeper / manual review
SECTION 4 · COMPLIANCE & EXPOSURE OVERVIEW
Overall exposure risk: Medium

This mapping is for reference only and is not a certification of compliance with any framework.

SECTION 5 · SEVERITY-PRIORITIZED REMEDIATION PLAN

Fixing the top 3 issue(s) resolves the highest-severity exposure detected. Items are ordered Critical → Info.

1. Content-Security-Policy header not set
Severity: Medium (4.0–6.9) · A05 Security Misconfiguration · CWE-1021
Status: Detected
Where / evidence: HEAD response for the target omitted the Content-Security-Policy response header.
Impact: No CSP means injected scripts (XSS) run without a defence-in-depth backstop.
How to fix: See the linked OWASP / MDN guidance for this control. (A curated, source-cited remediation is attached automatically when available.)
2. X-Frame-Options header not set
Severity: Medium (4.0–6.9) · A05 Security Misconfiguration · CWE-1021
Status: Detected
Where / evidence: HEAD response for the target omitted the X-Frame-Options response header.
Impact: The page can be framed by a malicious site for clickjacking.
How to fix: See the linked OWASP / MDN guidance for this control. (A curated, source-cited remediation is attached automatically when available.)
3. Permissions-Policy header not set
Severity: Low (0.1–3.9) · A05 Security Misconfiguration · CWE-693
Status: Detected
Where / evidence: HEAD response for the target omitted the Permissions-Policy response header.
Impact: Powerful browser features are not explicitly restricted.
How to fix: See the linked OWASP / MDN guidance for this control. (A curated, source-cited remediation is attached automatically when available.)
4. Referrer-Policy header not set
Severity: Low (0.1–3.9) · A01 Broken Access Control · CWE-200
Status: Detected
Where / evidence: HEAD response for the target omitted the Referrer-Policy response header.
Impact: Full referrer URLs may leak to third parties.
How to fix: See the linked OWASP / MDN guidance for this control. (A curated, source-cited remediation is attached automatically when available.)

Manual review recommended

Remote automated scanning cannot verify the following — they require authenticated or manual testing (the controls marked Not Tested in the matrix above):
- Cipher suite & TLS version grade
- Cookie flags (HttpOnly / Secure / SameSite)
- CORS policy (ACAO with credentials)
- Mixed-content (HTTP subresources on HTTPS)
- Dependency CVE / outdated component scan
- DMARC / DKIM email-auth grading

Report ID: CS-20260615-FDF79490 · Generated: 2026-06-15T15:52:04.206Z · Standards: OWASP Top 10, CVSS v3.1, Mozilla Observatory model · Prepared by: CloviScan