Summary of kidschatgpt.com [Desktop version]
Website Security Test
Provided "as is" without any warranty of any kind.
kidschatgpt.com was tested 1 time during the last 12 months.
Your final score:
[Grade scale graphic; letters as extracted: A, C, B, C, F]
Tested on: Oct 10th, 2024 13:05:58 GMT+8
Server IP: 143.244.184.47
Reverse DNS: -
Location: Santa Clara
Client: Desktop version
Software Security Test: 2 ISSUES FOUND
GDPR Compliance Test: NO ISSUES FOUND
PCI DSS Compliance Test: 1 ISSUE FOUND
Content Security Policy Test: MISSING
Headers Security Test: NO MAJOR ISSUES FOUND
DNSSEC
DNSSEC (Domain Name System Security Extensions) is a security protocol that protects against DNS spoofing by
ensuring the authenticity and integrity of DNS data.
Domain kidschatgpt.com has 1 unsigned DNS record of A type:
Type Domain name IP Address
A kidschatgpt.com 143.244.184.47
Discovered Subdomains
No subdomains were found. [Information]
Web Server Security Test of kidschatgpt.com
HTTP RESPONSE: 200 OK
HTTP VERSIONS: HTTP/1.0 HTTP/1.1 HTTP/2
NPN: HTTP/1.1
ALPN: HTTP/1.1
CONTENT ENCODING: None
SERVER SIGNATURE: nginx/1.18.0 Ubuntu
WAF: No WAF detected
LOCATION: N/A
HTTP METHODS ENABLED: ✔ GET ✔ HEAD ✔ OPTIONS
Web Software Security Test
Web Software Found: 2
Web Software Outdated: 2
Web Software Vulnerabilities: 0
Fingerprinted CMS & Vulnerabilities
No CMS were fingerprinted on the website. [Information]
Fingerprinted CMS Components & Vulnerabilities
jQuery 3.6.0
The component is outdated. No known security vulnerabilities found. Update to the most recent version 3.7.1.
Bootstrap 5.3.2
The component is outdated. No known security vulnerabilities found. Update to the most recent version 5.3.3.
GDPR Compliance Test of kidschatgpt.com
If the website processes or stores personal data of the EU residents, the following requirements of EU GDPR may
apply:
PRIVACY POLICY
Privacy Policy was found on the website. [Good configuration]
WEBSITE SECURITY
No publicly known vulnerabilities were found in the website CMS or its components. [Good configuration]
TLS ENCRYPTION
HTTPS encryption is present on the web server. [Good configuration]
COOKIE PROTECTION
No cookies with personal or tracking information seem to be sent. [Information]
COOKIE DISCLAIMER
No third-party cookies or cookies with tracking information seem to be sent. [Information]
PCI DSS Compliance Test
If the website falls into a CDE (Cardholder Data Environment) scope, the following Requirements of PCI DSS may
apply:
REQUIREMENT 6.3
No publicly known vulnerabilities seem to be present in the fingerprinted versions of the website CMS and its components. [Good configuration]
REQUIREMENT 6.4
No WAF was detected on the website. Implement a WAF to protect the website against common web attacks. [Misconfiguration or weakness]
HTTP Headers Security of kidschatgpt.com
Some HTTP headers related to security and privacy are missing or misconfigured. [Misconfiguration or weakness]
MISSING REQUIRED HTTP HEADERS
Strict-Transport-Security X-Frame-Options X-Content-Type-Options
MISSING OPTIONAL HTTP HEADERS
Access-Control-Allow-Origin Permissions-Policy
SERVER
The web server discloses its version, potentially facilitating further attacks against it. [Misconfiguration or weakness]
Server
Server: nginx/1.18.0 (Ubuntu)
Cookies Privacy and Security Analysis of kidschatgpt.com
No cookies were sent by the web application. [Good configuration]
External Content Privacy and Security Analysis
SUBRESOURCE INTEGRITY
Subresource Integrity (SRI) is a security feature that allows browsers to verify that fetched resources (scripts and
stylesheets) are delivered without unexpected alterations. The integrity of third-party resources is ensured by
validating their cryptographic hashes.
SRI is correctly implemented for 2 out of 5 third-party JavaScripts and CSS files.
Ensure that SRI is applied to all external JavaScripts and CSS files for complete security. [Information]
EXTERNAL CONTENT
External web content (e.g. images, video, CSS or JavaScript) can improve website loading time. However, the external
content can also put privacy of website visitors at risk given that some information about them is transmitted to the
third parties operating the external resources, sometimes even without proper HTTPS encryption or user consent.
External HTTP Requests: 7
Failed HTTP Requests: 1
www.google-analytics.com
https://www.google-analytics.com/g/collect?v=2&tid=G-RF0B5M23Z4&gtm=45je4a70v9105854853za200&_p=1728536637679&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533422~101671035~101686685&cid=949271752.1728536638&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Not%253AA-Brand%3B99.0.0.0%7CChromium%3B112.0.5615.165&uamb=0&uam=&uap=Linux&uapv=4.15.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1728536638&sct=1&seg=0&dl=https%3A%2F%2Fkidschatgpt.com%2F&dt=Kids%20ChatGPT%20%7C%20Learn%2C%20Play%20%26%20Talk%20with%20A.I.%20Made%20for%20Kids&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=854
cdn.jsdelivr.net
https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css SRI
https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js SRI
cdnjs.cloudflare.com
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css SRI
code.jquery.com
https://code.jquery.com/jquery-3.6.0.min.js SRI