Blog
Contact
Sign in
Scan complete
D
62/100
jamano.pl
Changed · score unchanged
Compare
2 critical issues need immediate attention.
16/16
checks
35
passed
finished
Scan timestamps
Created
Jul 17, 2026, 11:18 AM
Started
Jul 17, 2026, 11:19 AM
Finished
Jul 17, 2026, 11:19 AM
Updated
Jul 17, 2026, 11:19 AM
Export PDF
Re-scan
Findings by severity
55 results
2
Critical
6
High
8
Medium
4
Low
35
Pass
Report coverage
86.39%
10 couldn’t be evaluated · 30 skipped - these limit completeness.
10 error
30 skipped
All
95
Critical
2
High
6
Medium
8
Low
4
Pass
35
Error
10
Skipped
30
Email
96%
Domain Alignment (DMARC)
Learn how it works
Info
3/7 pass
Domain Alignment (DMARC)
DMARC policy is monitoring only
The DMARC policy uses p=none and does not ask receivers to block or quarantine failing mail.
High
Domain Alignment (DMARC)
DMARC subdomain policy is weak
Subdomains are not protected by an enforcement policy.
High
Domain Alignment (DMARC)
DMARC alignment is relaxed
The DMARC record allows relaxed identifier alignment for DKIM or SPF.
Low
Transport Encryption (SMTP TLS)
Learn how it works
Info
4/5 pass
Transport Encryption (SMTP TLS)
Some mail servers are unreachable
At least one mail exchanger accepts SMTP connections on port 25, but one or more others do not respond.
Medium
Certificate Binding (DANE)
Learn how it works
Info
0/5 pass
Certificate Binding (DANE)
Some mail servers are unreachable
At least one mail exchanger accepts SMTP connections on port 25, but one or more others do not respond.
Medium
Certificate Binding (DANE)
No MX host TLSA zone is protected by DNSSEC
None of the MX hosts have DNSSEC on their TLSA lookup zones. DANE SMTP cannot function without DNSSEC, as sending servers will ignore TLSA records from unsigned zones.
Critical
Mail Servers (MX)
Learn how it works
Info
2/4 pass
Mail Servers (MX)
MX host is unreachable or resolves only to reserved addresses
At least one MX hostname either does not resolve to any IP address, or resolves exclusively to reserved addresses that are not publicly routable.
High
Mail Servers (MX)
Some mail servers are unreachable
At least one mail exchanger accepts SMTP connections on port 25, but one or more others do not respond.
Medium
Transport Policy (MTA-STS)
Learn how it works
Info
0/6 pass
Transport Policy (MTA-STS)
Some mail servers are unreachable
At least one mail exchanger accepts SMTP connections on port 25, but one or more others do not respond.
Medium
Transport Policy (MTA-STS)
MTA-STS DNS record is missing
The domain does not publish an MTA-STS TXT record, so sending servers cannot discover or enforce an MTA-STS policy.
High
TLS Reporting (TLS-RPT)
Learn how it works
Info
0/4 pass
TLS Reporting (TLS-RPT)
Some mail servers are unreachable
At least one mail exchanger accepts SMTP connections on port 25, but one or more others do not respond.
Medium
TLS Reporting (TLS-RPT)
No TLS-RPT record found
The domain does not publish a TLS-RPT record. Sending servers cannot report TLS errors to this domain.
High
DNS
100%
DNS Integrity (DNSSEC)
Learn how it works
Info
0/7 pass
DNS Integrity (DNSSEC)
DNSSEC is not enabled
The parent zone does not publish a DS record for this domain.
Medium
DNS Health (Delegation & Exposure)
Learn how it works
Info
7/8 pass
DNS Health (Delegation & Exposure)
SOA serial does not use the recommended format
The SOA record is otherwise valid, but the serial number does not follow the recommended YYYYMMDDnn date format.
Low
CAA and Certificate Issuance Surface
Learn how it works
Info
1/6 pass
CAA and Certificate Issuance Surface
No CAA record is published
The domain does not publish a CAA record, so any publicly trusted certificate authority may issue certificates for it after standard validation.
Low
TLS
92%
TLS Certificate
Learn how it works
Info
5/9 pass
TLS Certificate
Certificate chain is not trusted by any trust store
The certificate chain does not build to a trusted root in any evaluated trust store. This is typically caused by a self-signed certificate or a private/internal CA. Every visitor will see a security warning.
Critical
TLS Certificate
Could not determine revocation status
SecRift could not confirm the certificate's revocation status via OCSP - the responder did not answer or the query failed. The result is inconclusive and does not affect the score.
Doesn’t affect score · lowers coverage
Error
TLS Certificate
Certificate chain is incomplete
The server sends only the leaf certificate without any intermediate certificate. Clients that do not cache or fetch intermediate CAs on their own (e.g. some mobile clients, older TLS libraries) will fail to build a trust path even though the certificate itself was issued correctly.
Medium
TLS Certificate
Could not evaluate signature algorithm
SecRift could not retrieve or parse the server's certificate. The result is inconclusive and does not affect the score.
Doesn’t affect score · lowers coverage
Error
TLS Configuration
Learn how it works
Info
2/6 pass
TLS Configuration
TLS 1.3 not offered
The server accepts only TLS 1.2, which is secure when configured correctly, but does not offer TLS 1.3, the current recommended version with a simplified, faster, and more secure handshake.
Low
TLS Configuration
Cipher suites without forward secrecy accepted
The server accepts one or more cipher suites using static RSA or static (EC)DH key exchange. If the server's private key is ever compromised, an attacker with recorded traffic can decrypt past sessions negotiated with these cipher suites.
Medium
TLS Configuration
Weak elliptic curve accepted for key exchange
The server negotiates an elliptic curve below 256 bits for at least one ECDHE cipher suite. Weak curves reduce the effective security margin of the key exchange well below modern standards.
High
Web
Disclosure Policy (security.txt)
Learn how it works
Info
0/4 pass
Disclosure Policy (security.txt)
security.txt could not be retrieved
The security.txt endpoint could not be reached due to a network, TLS, or DNS error.
Doesn’t affect score · lowers coverage
Error
HTTP Security Headers
Learn how it works
Info
0/7 pass
HTTP Security Headers
HSTS could not be evaluated
The site's HTTPS response could not be retrieved reliably.
Doesn’t affect score · lowers coverage
Error
HTTP Security Headers
Content-Security-Policy could not be evaluated
The site's HTTPS response could not be retrieved reliably.
Doesn’t affect score · lowers coverage
Error
HTTP Security Headers
Clickjacking protection could not be evaluated
The site's HTTPS response could not be retrieved reliably.
Doesn’t affect score · lowers coverage
Error
HTTP Security Headers
MIME sniffing protection could not be evaluated
The site's HTTPS response could not be retrieved reliably.
Doesn’t affect score · lowers coverage
Error
HTTP Security Headers
Referrer-Policy could not be evaluated
The site's HTTPS response could not be retrieved reliably.
Doesn’t affect score · lowers coverage
Error
HTTP Security Headers
Permissions-Policy could not be evaluated
The site's HTTPS response could not be retrieved reliably.
Doesn’t affect score · lowers coverage
Error
HTTP Security Headers
Information leakage could not be evaluated
The site's HTTPS response could not be retrieved reliably.
Doesn’t affect score · lowers coverage
Error
Feedback