Website Health Check

Scanned 28/02/2026

B68/100

newsking.com.au

https://shop.newsking.com.au/

1.2s21 checks

Twitter LinkedIn

HTTPS & TLS

A+ (100%)

TLS 1.2 Support10/10

TLS 1.2 is supported. Learn more ↗

TLS 1.3 Support5/5

TLS 1.3 is supported (latest version, best performance). Learn more ↗

TLS 1.0 Disabled5/5

TLS 1.0 is disabled (deprecated protocol correctly rejected). Learn more ↗

TLS 1.1 Disabled5/5

TLS 1.1 is disabled (deprecated protocol correctly rejected). Learn more ↗

SSL Certificate5/5

Valid SSL certificate from Google Trust Services - WE1, expires in 47 days. Learn more ↗

Security Headers

C (57%)

Strict-Transport-Security7/15

HSTS configured but max-age is 7889238 (recommended: 31536000+), missing includeSubDomains. Learn more ↗

X-Content-Type-Options5/5

X-Content-Type-Options is set to nosniff. Learn more ↗

X-Frame-Options5/5

X-Frame-Options is set to DENY. Learn more ↗

Referrer-Policy0/5

Referrer-Policy header is missing. Full URLs may be sent in referrer headers. Learn more ↗

Content Security Policy

B (75%)

Content Security Policy5/10

CSP exists but missing default-src or script-src directive. Learn more ↗

CSP unsafe-inline5/5

CSP does not use unsafe-inline. Learn more ↗

CSP unsafe-eval5/5

CSP does not use unsafe-eval. Learn more ↗

Permissions Policy

F (0%)

Permissions Policy0/10

No Permissions-Policy or Feature-Policy header found. Browser features like camera, microphone, and geolocation are unrestricted. Learn more ↗

Server Security

B (67%)

Server Header Disclosure5/5

Server header shows "cloudflare" (CDN/platform, not a disclosure concern). Learn more ↗

Domain Blacklist5/5

Domain is not listed on any of the 3 DNS blacklists checked. Learn more ↗

Exposed Sensitive Paths0/5

Critical: /.env is publicly accessible (information disclosure risk). Learn more ↗

Content Security

A (80%)

Mixed Content5/5

No mixed content detected. All resources use HTTPS. Learn more ↗

Redirect Chain3/5

1 redirect across 2 domains. Moderate redirect chain. Learn more ↗

Email Security

D (40%)

SPF Record3/3

SPF record found: v=spf1 include:spf.protection.outlook.com -all Learn more ↗

DMARC Policy0/4

No DMARC record found. The domain has no policy for handling spoofed email. Learn more ↗

DKIM Signing1/3

No DKIM records found for common selectors. DKIM may use a custom selector not checked here. Learn more ↗

Recommendations

1
mediumAdd a Permissions-Policy header restricting camera, microphone, geolocation, and payment.
2
mediumSet Referrer-Policy to strict-origin-when-cross-origin or stricter.
3
mediumRestrict access to admin and sensitive paths using IP allowlists or authentication.
4
mediumAdd a DMARC record with p=reject at _dmarc.yourdomain.com to block spoofed emails.
5
mediumAdd a Strict-Transport-Security header with max-age=31536000 and includeSubDomains.
6
mediumImplement a Content-Security-Policy header with at least default-src and script-src directives.
7
mediumReduce the number of redirects in your URL chain. Excessive redirects slow page loads and may indicate URL obfuscation.
8
mediumConfigure DKIM signing for your email to authenticate outgoing messages.

This scan checks publicly observable security configuration. It does not test for application-level vulnerabilities, perform penetration testing, or access any private data. Results are informational only.