Blog
Contact
Sign in
Scan complete
D
69/100
v6.ipv6test.app
Changed ยท score unchanged
Compare
10 high-risk issues to fix.
18/18
checks
53
passed
finished
Scan timestamps
Created
Jul 18, 2026, 3:38 PM
Started
Jul 18, 2026, 3:38 PM
Finished
Jul 18, 2026, 3:38 PM
Updated
Jul 18, 2026, 3:38 PM
Export PDF
Re-scan
Findings by severity
69 results
0
Critical
10
High
3
Medium
3
Low
53
Pass
Report coverage
89.2%
35 skipped - these limit completeness.
35 skipped
All
104
High
10
Medium
3
Low
3
Pass
53
Skipped
35
Email
69%
Sender Authentication (SPF)
Learn how it works
Info
0/7 pass
Sender Authentication (SPF)
No SPF record found
The domain does not publish an SPF policy.
High
Domain Alignment (DMARC)
Learn how it works
Info
6/7 pass
Domain Alignment (DMARC)
DMARC aggregate reporting is not configured
The DMARC record does not request aggregate reports, which reduces visibility into authentication failures.
Medium
Transport Encryption (SMTP TLS)
Learn how it works
Info
0/5 pass
Transport Encryption (SMTP TLS)
Mail servers are unreachable
No mail exchanger for the domain accepts SMTP connections on port 25, so inbound mail cannot be delivered.
High
Certificate Binding (DANE)
Learn how it works
Info
0/5 pass
Certificate Binding (DANE)
Mail servers are unreachable
No mail exchanger for the domain accepts SMTP connections on port 25, so inbound mail cannot be delivered.
High
Mail Servers (MX)
Learn how it works
Info
0/4 pass
Mail Servers (MX)
No MX records found
The domain does not publish MX records. Sending MTAs fall back to the A record, which is not a substitute for a proper MX configuration.
High
Mail Servers (MX)
Mail servers are unreachable
No mail exchanger for the domain accepts SMTP connections on port 25, so inbound mail cannot be delivered.
High
Transport Policy (MTA-STS)
Learn how it works
Info
0/6 pass
Transport Policy (MTA-STS)
Mail servers are unreachable
No mail exchanger for the domain accepts SMTP connections on port 25, so inbound mail cannot be delivered.
High
Transport Policy (MTA-STS)
MTA-STS DNS record is missing
The domain does not publish an MTA-STS TXT record, so sending servers cannot discover or enforce an MTA-STS policy.
High
TLS Reporting (TLS-RPT)
Learn how it works
Info
0/4 pass
TLS Reporting (TLS-RPT)
Mail servers are unreachable
No mail exchanger for the domain accepts SMTP connections on port 25, so inbound mail cannot be delivered.
High
TLS Reporting (TLS-RPT)
No TLS-RPT record found
The domain does not publish a TLS-RPT record. Sending servers cannot report TLS errors to this domain.
High
DNS
100%
DNS Health (Delegation & Exposure)
Learn how it works
Info
7/8 pass
DNS Health (Delegation & Exposure)
SOA serial does not use the recommended format
The SOA record is otherwise valid, but the serial number does not follow the recommended YYYYMMDDnn date format.
Low
CAA and Certificate Issuance Surface
Learn how it works
Info
1/6 pass
CAA and Certificate Issuance Surface
No CAA record is published
The domain does not publish a CAA record, so any publicly trusted certificate authority may issue certificates for it after standard validation.
Low
TLS
100%
TLS Configuration
Learn how it works
Info
5/6 pass
TLS Configuration
Weak elliptic curve accepted for key exchange
The server negotiates an elliptic curve below 256 bits for at least one ECDHE cipher suite. Weak curves reduce the effective security margin of the key exchange well below modern standards.
High
Web
100%
Disclosure Policy (security.txt)
Learn how it works
Info
0/4 pass
Disclosure Policy (security.txt)
security.txt is not present or not usable
The domain does not publish a usable security.txt file. Either both /.well-known/security.txt and /security.txt returned no file (404/401/403/410), or the location responded with HTTP 200 but non-text/plain content (typically an application page) or a body that is not valid UTF-8.
Medium
HTTP Security Headers
Learn how it works
Info
5/7 pass
HTTP Security Headers
Content-Security-Policy allows unsafe-eval or is missing two hardening directives
The CSP either permits 'unsafe-eval' (allowing arbitrary string-to-code execution) or is missing both object-src 'none' and base-uri, weakening its bypass resistance.
Medium
HTTP Security Headers
Deprecated security headers are present
The response sends one or more deprecated headers (X-XSS-Protection, Expect-CT, or Public-Key-Pins) that modern browsers ignore or that carry their own operational risk (HPKP).
Low
Feedback