Deep SSL/TLS Vulnerability Test
This report provides a deep analysis of the SSL/TLS configuration of ansonng.com. It checks for protocol support, cipher strength, and known vulnerabilities.
Scan Results
Testing all IP addresses (port 443): 161.35.249.255 138.197.25.86 ----------------------------------------------------- Start 2026-01-07 16:28:33 -->> 161.35.249.255:443 (ansonng.com) <<-- Further IP addresses: 138.197.25.86 2604:a880:800:14:0:2:372e:2000 2604:a880:800:14:0:2:372e:6000 rDNS (161.35.249.255): -- Service detected: HTTP ansonng.com:443 appeared to support TLS 1.3 ONLY. Thus switched automagically from "/app/testssl.sh/bin/openssl.Linux.x86_64" to "/usr/bin/openssl". Testing for server implementation bugs No bugs found. Testing HTTP header response @ "/" HTTP Status Code 200 OK HTTP clock skew +420642 sec from localtime HTTP Age (RFC 7234) 420642 IPv4 address in header X-Anson-Ng-Request-Id: 1767803335.884-34.96.47.131-1054202 (check if it's your IP address or e.g. a cluster IP) Strict Transport Security 365 days=31536000 s, includeSubDomains, preload Public Key Pinning -- Server banner Anson Ng Edge Application banner X-Powered-By: Anson Secure Platform X-Version: 2025.1.0 Cookie(s) 1 issued: 1/1 secure, 1/1 HttpOnly Security headers X-Frame-Options: DENY X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ansonng.com *.cloudflare.com cdn.amplitude.com cdn.cookielaw.org *.crisp.chat *.cookiepro.com *.onetrust.com *.digicert.com; style-src 'self' 'unsafe-inline' *.ansonng.com cdn.cookielaw.org *.crisp.chat *.cookiepro.com; img-src 'self' blob: data: *.ansonng.com picsum.photos cdn.cookielaw.org *.crisp.chat *.cookiepro.com *.digicert.com; font-src 'self' data: cdn.cookielaw.org *.crisp.chat *.cookiepro.com; connect-src 'self' *.ansonng.com *.cookiepro.com *.cloudflare.com cdn.cookielaw.org cookies-data.onetrust.io *.onetrust.com *.crisp.chat wss://*.relay.crisp.chat wss://*.relay.rescue.crisp.chat *.digicert.com; frame-src 'self' challenges.cloudflare.com cdn.cookielaw.org *.crisp.chat *.digicert.com; media-src 'self' cdn.ansonng.com; worker-src blob: *.crisp.chat; object-src 'none' *.digicert.com; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; Permissions-Policy: camera=(), microphone=(), geolocation=() Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Embedder-Policy: unsafe-none X-XSS-Protection: 0 Access-Control-Allow-Origin: * Permissions-Policy: camera=(), microphone=(), geolocation=() Referrer-Policy: strict-origin-when-cross-origin Cache-Control: max-age=0 Reverse Proxy banner -- Testing vulnerabilities Secure Renegotiation (RFC 5746) not vulnerable (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) potentially NOT ok, "br gzip" HTTP compression detected. - only supplied "/" tested Can be ignored for static pages or if no secrets in the page POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), TLS 1.3 is the only protocol SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) no RSA certificate, thus certificate can't be used with SSLv2 elsewhere LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK) Winshock (CVE-2014-6321), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) not vulnerable (OK) Done 2026-01-07 16:29:10 [ 48s] -->> 161.35.249.255:443 (ansonng.com) <<-- ----------------------------------------------------- Start 2026-01-07 16:29:10 -->> 138.197.25.86:443 (ansonng.com) <<-- Further IP addresses: 161.35.249.255 2604:a880:800:14:0:2:372e:2000 2604:a880:800:14:0:2:372e:6000 rDNS (138.197.25.86): lab.ansonng.com. Service detected: HTTP Testing for server implementation bugs No bugs found. Testing HTTP header response @ "/" HTTP Status Code 200 OK HTTP clock skew +420666 sec from localtime HTTP Age (RFC 7234) 420666 IPv4 address in header X-Anson-Ng-Request-Id: 1767803359.880-34.96.47.131-1054237 (check if it's your IP address or e.g. a cluster IP) Strict Transport Security 365 days=31536000 s, includeSubDomains, preload Public Key Pinning -- Server banner Anson Ng Edge Application banner X-Powered-By: Anson Secure Platform X-Version: 2025.1.0 Cookie(s) 1 issued: 1/1 secure, 1/1 HttpOnly Security headers X-Frame-Options: DENY X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ansonng.com *.cloudflare.com cdn.amplitude.com cdn.cookielaw.org *.crisp.chat *.cookiepro.com *.onetrust.com *.digicert.com; style-src 'self' 'unsafe-inline' *.ansonng.com cdn.cookielaw.org *.crisp.chat *.cookiepro.com; img-src 'self' blob: data: *.ansonng.com picsum.photos cdn.cookielaw.org *.crisp.chat *.cookiepro.com *.digicert.com; font-src 'self' data: cdn.cookielaw.org *.crisp.chat *.cookiepro.com; connect-src 'self' *.ansonng.com *.cookiepro.com *.cloudflare.com cdn.cookielaw.org cookies-data.onetrust.io *.onetrust.com *.crisp.chat wss://*.relay.crisp.chat wss://*.relay.rescue.crisp.chat *.digicert.com; frame-src 'self' challenges.cloudflare.com cdn.cookielaw.org *.crisp.chat *.digicert.com; media-src 'self' cdn.ansonng.com; worker-src blob: *.crisp.chat; object-src 'none' *.digicert.com; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; Permissions-Policy: camera=(), microphone=(), geolocation=() Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Embedder-Policy: unsafe-none X-XSS-Protection: 0 Access-Control-Allow-Origin: * Permissions-Policy: camera=(), microphone=(), geolocation=() Referrer-Policy: strict-origin-when-cross-origin Cache-Control: max-age=0 Reverse Proxy banner -- Testing vulnerabilities Secure Renegotiation (RFC 5746) not vulnerable (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) potentially NOT ok, "br gzip" HTTP compression detected. - only supplied "/" tested Can be ignored for static pages or if no secrets in the page POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), TLS 1.3 is the only protocol SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) no RSA certificate, thus certificate can't be used with SSLv2 elsewhere LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK) Winshock (CVE-2014-6321), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) not vulnerable (OK) Done 2026-01-07 16:29:34 [ 72s] -->> 138.197.25.86:443 (ansonng.com) <<-- ----------------------------------------------------- Done testing now all IP addresses (on port 443): 161.35.249.255 138.197.25.86
About this Scan
This scan uses testssl.sh to check for:
- Protocols: SSLv2, SSLv3, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3
- Vulnerabilities: Heartbleed, POODLE, FREAK, Logjam, DROWN, etc.
- Cipher Suites: Weak ciphers, perfect forward secrecy (PFS) support.