- Nikto v2.5.0/ + Target Host: demo.lnr-argentina.com.ar + Target Port: 8081 + GET /: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options: + GET /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/: - Nikto v2.5.0/ + Target Host: demo.lnr-argentina.com.ar + Target Port: 7003 + GET /: Cookie XSRF-TOKEN created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies: + GET /: Retrieved x-powered-by header: PHP/8.2.24. + GET /: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options: + GET /: Uncommon header 'x-ratelimit-limit' found, with contents: 500. + GET /: Uncommon header 'x-ratelimit-remaining' found, with contents: 500. + GET /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/: + GET /login/: Drupal Link header found with value: ; rel="preload"; as="style", ; rel="modulepreload", ; rel="modulepreload", ; rel="modulepreload", ; rel="modulepreload", ; rel="modulepreload", ; rel="modulepreload", ; rel="modulepreload", ; rel="modulepreload", ; rel="modulepreload", ; rel="modulepreload". See: https://www.drupal.org/: + GET /login/: This might be interesting. + GET /.htaccess: Contains configuration and/or authorization information. + GET /api/soap/?wsdl=1: Retrieved access-control-allow-origin header: *.