- Nikto v2.1.6/2.1.5
+ Target Host: ptsp.sumedangkab.go.id
+ Target Port: 443
+ GET The anti-clickjacking X-Frame-Options header is not present.
+ GET The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ GET The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ GET The site uses SSL and Expect-CT header is not present.
+ GET The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ HEAD /ptsp.zip: Potentially interesting archive/cert file found.
+ HEAD /ptsp.zip: Potentially interesting archive/cert file found. (NOTE: requested by IP address).
+ GET Server is using a wildcard certificate: *.sumedangkab.go.id
+ HEAD Apache/2.4.18 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ OSVDB-3268: GET /pdf/: Directory indexing found.
+ GET Cookie simpeg_session created without the secure flag
+ GET Cookie CI_DEFAULT_APP created without the secure flag
+ GET Cookie CI_DEFAULT_APP created without the httponly flag
+ GET Uncommon header 'x-ob_mode' found, with contents: 1
+ OSVDB-3092: GET /db/: This might be interesting...
+ GET /info.php: Output from the phpinfo() function was found.
+ OSVDB-3233: GET /info.php: PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information.
+ OSVDB-3233: GET /icons/README: Apache default file found.
+ OSVDB-5292: GET /info.php?file=http://cirt.net/rfiinc.txt?: RFI from RSnake's list (http://ha.ckers.org/weird/rfi-locations.dat) or from http://osvdb.org/
+ GET Cookie ci_session_frontend created without the secure flag