25
低风险
2026-05-21 07:50:30
发现的安全问题
- ⚠️[LOW] 服务器信息泄露
- ⚠️[MEDIUM] 缺少 HTTP 安全头
修复建议
- 💡添加 DMARC 记录增强邮件安全
- 💡配置 Web 服务器添加这些安全头
- 💡移除或修改 Server/X-Powered-By 响应头
🌐域名信息
目标域名bzga.de
注册域名bzga.de
顶级域名.de
🛡️威胁情报 (7 platforms)
Blacklist未列入黑名单
Malware0
Phishing0
Abuse Score0/100
🐛发现的漏洞 (2)
MEDIUM缺少 HTTP 安全头
缺少以下安全头: X-Frame-Options, Permissions-Policy
修复建议: 配置 Web 服务器添加这些安全头
LOW服务器信息泄露
响应头泄露服务器信息: Server: nginx, X-Powered-By: nothing
修复建议: 移除或修改 Server/X-Powered-By 响应头
🔌开放端口 (2)
80
http
443
https
🌐DNS 记录
A: 194.153.219.100
MX: 10 mx1.bund.de.
MX: 10 mx2.bund.de.
NS: ns1.dimdi.de.
NS: sif.komtel.net.
TXT: "cisco-ci-domain-verification=c17155493cc019b0d6e9ae29a97669d34c67d3381dd85e6069af6b419995311"
TXT: "HARICA-PSAC7arOEPKtzt52l92"
TXT: "apple-domain-verification=EpcTr0VRoIywsRxJ"
TXT: "v=spf1 include:_spf1.bund.de include:_spf.bzga.de -all"
SOA: ns1.dimdi.de. hostmaster.bfarm.de. 2026031601 10800 3600 604800 86400
📋HTTP 响应头
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' https://piwik.bzga.de/ https://shop.bioeg.de/ https://www.youtube.com/ https://www.youtube-nocookie.c
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
X-Powered-By: nothing