Deep SSL Test Report: hospitaldaluz.pt

 Start 2026-01-29 11:48:32        -->> 4.245.163.153:443 (hospitaldaluz.pt) <<--

 rDNS (4.245.163.153):   --
 Service detected:       HTTP

 Testing for server implementation bugs 

 No bugs found.

 Testing HTTP header response @ "/" 

 HTTP Status Code             301 Moved Permanently, redirecting to "https://www.hospitaldaluz.pt/pt/"
 HTTP clock skew              0 sec from localtime
 Strict Transport Security    365 days=31536000 s, includeSubDomains, preload
 Public Key Pinning           0 keys, 60 days=5184000 s, includeSubDomains
                   Backups:   
 No matching key for SPKI found 
 No backup keys found. Loss/compromise of the currently pinned key(s) will lead to bricked site. 
 Server banner                (no "Server" line in header, interesting!)
 Application banner           --
 Cookie(s)                    6 issued: 5/6 secure, 4/6 HttpOnly -- maybe better try target URL of 30x
 Security headers             X-Frame-Options: SAMEORIGIN
                              X-Content-Type-Options: nosniff
                              Content-Security-Policy: default-src 'self' data:
                                https:; base-uri 'self'; img-src data: https:
                                https://*.googleapis.com https://*.gstatic.com
                                *.google.com  *.googleusercontent.com data:;
                                style-src 'unsafe-inline' https:
                                https://fonts.googleapis.com; frame-src
                                *.google.com *.youtube.com *.hcaptcha.com
                                *.googletagmanager.com 'self'; script-src
                                'self' 'unsafe-inline' https://cdn.jsdelivr.net
                                https://cdnjs.cloudflare.com
                                https://stackpath.bootstrapcdn.com
                                https://stats.g.doubleclick.net
                                https://*.googletagmanager.com
                                https://js.monitor.azure.com
                                https://*.hotjar.com https://*.hotjar.io
                                wss://*.hotjar.com https://js.hcaptcha.com
                                https://www.google-analytics.com
                                *.contentsquare.net *.contentsquare.com
                                www.youtube.com 'unsafe-eval'
                                https://*.googleapis.com https://*.gstatic.com
                                *.google.com https://*.ggpht.com
                                *.googleusercontent.com blob:; connect-src
                                'self' https: wss://ws.hotjar.com 
                                https://*.googleapis.com *.google.com
                                https://*.gstatic.com  data: blob:; font-src
                                'self' https://fonts.gstatic.com data:;
                                frame-ancestors 'self'; object-src 'none';
                                worker-src blob:;  form-action 'self'
                                https://www.hospitaldaluz.pt/
                                https://www.luzsaude.pt/
                                https://www.casasdacidade.pt/
                                https://www.hospitaldomar.pt/
                                https://www.hmevora.pt/;
                              Expect-CT: max-age=31536000
                              Permissions-Policy: autoplay=(none),
                                camera=(none), encrypted-media=(self),
                                fullscreen=(*), geolocation=(self),
                                gyroscope=(self), magnetometer=(self),
                                microphone=(none), midi=(none), payment=(none),
                                picture-in-picture=(*), sync-xhr=(self),
                                usb=(none)
                              X-XSS-Protection: 1; mode=block
                              Permissions-Policy: autoplay=(none),
                                camera=(none), encrypted-media=(self),
                                fullscreen=(*), geolocation=(self),
                                gyroscope=(self), magnetometer=(self),
                                microphone=(none), midi=(none), payment=(none),
                                picture-in-picture=(*), sync-xhr=(self),
                                usb=(none)
                              Referrer-Policy: same-origin
 Reverse Proxy banner         --


 Testing vulnerabilities 

 Secure Renegotiation (RFC 5746)           supported (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no gzip/deflate/compress/br HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible (OK), no protocol below TLS 1.2 offered
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=06727A2577AD26E4ADEB172E64D0AA42720E827B148715A5A1980FF32323A9F1
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     not vulnerable (OK), no SSL3 or TLS1
 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs.
 Winshock (CVE-2014-6321), experimental    not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)


 Done 2026-01-29 11:49:23 [  60s] -->> 4.245.163.153:443 (hospitaldaluz.pt) <<--