- Nikto v2.6.0 --------------------------------------------------------------------------- + Your Nikto installation is out of date. + Target IP: 13.33.67.105 + Target Hostname: web.umang.gov.in + Target Port: 80 + Platform: Unknown + Start Time: 2026-04-28 11:22:31 (GMT-4) --------------------------------------------------------------------------- + Server: CloudFront + Multiple IPs found: 13.33.67.105, 13.33.67.6, 13.33.67.60, 13.33.67.7, 2600:9000:208d:d200:e:887f:43c0:93a1, 2600:9000:208d:5800:e:887f:43c0:93a1, 2600:9000:208d:7a00:e:887f:43c0:93a1, 2600:9000:208d:7000:e:887f:43c0:93a1, 2600:9000:208d:fc00:e:887f:43c0:93a1, 2600:9000:208d:6600:e:887f:43c0:93a1, 2600:9000:208d:d800:e:887f:43c0:93a1, 2600:9000:208d:a400:e:887f:43c0:93a1 + [999986] /: Retrieved via header: 1.1 80f6725ce89f26cc65ee34165eb689cc.cloudfront.net (CloudFront). + [011799] /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc + No CGI Directories found (use '-C all' to force check all possible dirs). CGI tests skipped. + [013587] /: Suggested security header missing: referrer-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy + [013587] /: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy + [013587] /: Suggested security header missing: x-content-type-options. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + [013587] /: Suggested security header missing: strict-transport-security. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + [013587] /: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP + [007342] /: X-Frame-Options header is deprecated and was replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options + [007352] /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/ + [999986] /: Retrieved access-control-allow-origin header: *. + 8251 requests: 0 errors and 10 items reported on the remote host + End Time: 2026-04-28 11:23:04 (GMT-4) (33 seconds) --------------------------------------------------------------------------- + 1 host(s) tested