Comprehensive Web Server Security Report

Nikto Security Scanning Results

example.com

Tool: Nikto 2.1.5 | Date: January 13, 2026

Scan Summary

This report presents the results of a comprehensive security scan of https://example.com using Nikto 2.1.5. The scan identified 3 potential security issues requiring attention.

Scan Statistics:

Parameter | Value
Target Host | example.com (188.114.96.12)
Port | 443 (HTTPS)
Web Server | Cloudflare
Scan Date | January 13, 2026, 05:24:40
Duration | 6 minutes 31 seconds (391 sec)
Items Tested | 6,544
Issues Found | 3
Scan Errors | 0

Overall Security Assessment: MEDIUM RISK LEVEL

Identified issues do not represent critical threats but should be addressed to improve overall application security and user protection.

Identified Issues

🟡 (1) Missing X-Frame-Options Header

Risk Level: MEDIUM

OSVDB-0

Problem Description:

The X-Frame-Options security header, which protects against clickjacking attacks, is missing. This header is critical to prevent embedding the site in an iframe on malicious websites.

Technical Details:
  • URI: /
  • HTTP Method: GET
  • Affected Endpoints: https://example.com:443/
Potential Consequences:
  • Clickjacking attack vulnerability
  • Site embedding in iframe on malicious resources
  • User deception through hidden interface elements
  • Redirection of user actions to malicious sites
Remediation:
# LiteSpeed/Nginx Configuration
add_header X-Frame-Options "DENY" always;
# or
add_header X-Frame-Options "SAMEORIGIN" always;

# Alternative via CSP
add_header Content-Security-Policy "frame-ancestors 'none';" always;

🟢 (2) Non-Standard cf-ray Header

Risk Level: LOW (Informational)

Information

Description:

Non-standard header cf-ray detected with value: 9bd22015ba62bc6c-ZRH

Analysis:

This header is standard for Cloudflare services and is used for request tracing and diagnostics. It does not represent a security threat and can be used for debugging.

Status:

✓ Informational, no action required

🟡 (3) SSL Certificate Mismatch

Risk Level: MEDIUM

OSVDB-0

Problem Description:

The hostname example.com does not match the Common Name (CN) of the SSL certificate, cdnjs.cloudflare.com. This may cause browser warnings and reduce user trust.

Technical Details:
  • Expected CN: example.com
  • Actual CN: cdnjs.cloudflare.com
  • Issue Type: Certificate mismatch
Potential Consequences:
  • Browser security warnings
  • Reduced user trust in the site
  • Potential SEO and indexing issues
  • Browser blocking access
Remediation:
  • Obtain correct SSL certificate for example.com domain
  • Update Cloudflare configuration to use correct certificate
  • Verify DNS and proxy settings in Cloudflare panel
  • Recreate routing rule with correct CN

Scanning Technical Parameters

Nikto Command Line Parameters:

nikto -h https://example.com -ssl -o https_scan.html -F html

Statistics by Category:

Category | Count | Status
Items Tested | 6,544 | ✓
Scan Errors | 0 | ✓
Issues Found | 3 | ⚠
Critical Issues | 0 | ✓
Medium Risk | 2 | ⚠
Low Risk | 1 | ℹ

Remediation Plan

Immediate Actions (1-3 Days)

Short-term Actions (1-2 Weeks)

Long-term Actions (1+ Month)

Conclusion

The security scan identified 3 medium and low severity issues. Despite the absence of critical vulnerabilities, remediation of identified issues is recommended to improve overall security posture.

Recommendation: Re-run the scan 1-2 weeks after implementing fixes to confirm effectiveness.
Scan Frequency: Monthly security scanning using Nikto

Report generated from Nikto 2.1.5 security scanning.