2.5 KiB

Raw Blame History

Vulnerability Scan Report — January 2026

Scan Date: January 31, 2026
Target: https://inou.com
Scanner: Nuclei (ProjectDiscovery)
Scanner Location: zurich.inou.com (Zürich, Switzerland)

Executive Summary

Severity	Count
🔴 Critical	0
🟠 High	0
🟡 Medium	0
🔵 Low	0
⚪ Informational	34

Result: No exploitable vulnerabilities detected. All findings are informational.

Findings & Remediation

HTTP Security Headers (11 findings)

Header	Status	Date
Strict-Transport-Security	✅ Remediated	Feb 1, 2026
X-Content-Type-Options	✅ Remediated	Feb 1, 2026
X-Frame-Options	✅ Remediated	Feb 1, 2026
Referrer-Policy	✅ Remediated	Feb 1, 2026
Permissions-Policy	✅ Remediated	Feb 1, 2026
Cross-Origin-Opener-Policy	✅ Remediated	Feb 1, 2026
Cross-Origin-Resource-Policy	✅ Remediated	Feb 1, 2026
X-Permitted-Cross-Domain-Policies	✅ Remediated	Feb 1, 2026
Content-Security-Policy	⏸️ Deferred	Requires app tuning
Cross-Origin-Embedder-Policy	⏸️ Skipped	Breaks Google Fonts
Clear-Site-Data	⏸️ N/A	Logout only

Remediation: Added headers to Caddy reverse proxy (192.168.0.2).

TLS/SSL (3 findings)

Finding	Status
TLS 1.2 supported	✅ Expected
TLS 1.3 supported	✅ Expected
ZeroSSL certificate	✅ Expected

DNS Configuration (10 findings)

Finding	Status
SPF configured	✅ Good
DMARC (p=reject)	✅ Good
ProtonMail MX	✅ Expected
DNSSEC not enabled	⏸️ Low priority

Other Informational (10 findings)

Technology detection (Caddy, Google Fonts) — expected
robots.txt endpoints — expected
OAuth discovery endpoint — expected
Domain WHOIS metadata — informational

Actions Taken

Date	Action
Jan 31, 2026	Initial baseline scan from Zurich
Feb 1, 2026	Added 8 HTTP security headers to Caddy
Feb 1, 2026	Verified headers via curl
Feb 1, 2026	Set up automated weekly/monthly scans

Next Steps

P2: Implement Content-Security-Policy (requires app testing)
P3: Enable DNSSEC via Openprovider
Continue: Weekly and monthly automated scans

Raw Output

See: inou-com-20260131.txt

Report generated by James ⚡ (AI Operations)

2.5 KiB Raw Blame History