90
dwolla.com
Findings
7
·
0
·
1
Checks
8 passive
Executive Summary
AI-GENERATED
dwolla.com scored 90/100, demonstrating a strong security posture. No material issues found.
Critical gaps in: Security Headers. Positive signals: TLS Configuration, DMARC / Email Security, Known Breaches all passed.
1 action item identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.
Action Items
Ordered by priority · 1 items
1
Add missing security headers (X-Content-Type-Options, X-Frame-Options, Permissions-Policy)
3 of 5 recommended security headers are missing on dwolla.com: X-Content-Type-Options, X-Frame-Options, Permissions-Policy. These headers protect against clickjacking, MIME-sniffing, and unauthorized browser feature access. Adding them is a server configuration change with no application code changes required.
Compliance Impact
PCI-DSS 4.0Req 6.4.1
Security headers are required application controls
OWASPSecure Headers
Recommended baseline for web applications
Remediation Steps
1
Add: X-Content-Type-Options: nosniff
2
Add: X-Frame-Options: DENY (or SAMEORIGIN if you use iframes)
3
Add: Permissions-Policy: camera=(), microphone=(), geolocation=()
4
Verify with: curl -sI https://dwolla.com | grep -iE 'content-security|x-frame|x-content|referrer|permissions'
Scan Findings
Security Headers
Critical
Known Breaches
Healthy
TLS Configuration
Healthy
DNS Configuration
Healthy
HSTS Header
Healthy
CVE Exposure
Healthy
DMARC / Email Security
Healthy
Certificate Hygiene
Healthy