Scan report for "facebook.com"

Nikto no limit SSL scan (nikto -host facebook.com -ssl)
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Multiple IPs found: 31.13.71.36, 2a03:2880:f112:83:face:b00c:0:25de
+ Target IP:          31.13.71.36
+ Target Hostname:    facebook.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject:  /C=US/ST=California/L=Menlo Park/O=Meta Platforms, Inc./CN=*.facebook.com
                   Altnames: *.facebook.com, *.facebook.net, *.fbcdn.net, *.fbsbx.com, *.m.facebook.com, *.messenger.com, *.xx.fbcdn.net, *.xy.fbcdn.net, *.xz.fbcdn.net, facebook.com, messenger.com
                   Ciphers:  TLS_CHACHA20_POLY1305_SHA256
                   Issuer:   /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
+ Start Time:         2024-04-12 10:48:35 (GMT-4)
---------------------------------------------------------------------------
+ Server: No banner retrieved
+ /: Uncommon header 'x-fb-debug' found, with contents: smG3fU8P5fz4xgHWEjhzullYMiEeL9xDp/Sjyh/zdzbtNsNx9VSOUqVH1X8SzddQGurawZqHfBcgbeUcJ9RsyA==.
+ /: Uncommon header 'x-fb-connection-quality' found, with contents: UNKNOWN; q=-1, rtt=-1, rtx=0, c=10, mss=1380, tbw=3403, tp=-1, tpl=-1, uplat=25, ullat=0.
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ Root page / redirects to: https://www.facebook.com/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /robots.txt:X-Frame-Options header is deprecated and has been replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /robots.txt: Uncommon header 'reporting-endpoints' found, with contents: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/".
+ /robots.txt: Uncommon header 'document-policy' found, with contents: force-load-at-top.
+ /robots.txt: Uncommon header 'cross-origin-embedder-policy-report-only' found, with contents: require-corp;report-to="coep_report".
+ /static_map.php: Uncommon header 'proxy-status' found, with contents: http_request_error; e_fb_configversion="AcIAeikc5z-PcxSP0w7G88JIbQFjgXQMI_qM7FNAVpVPNh6Vz3Ce4l9PAZC94g"; e_clientaddr="AcKCHiexqJ9APVNTuQ8dSMyiKgt010pYXDowbEe7Qqf5Mw_nPpJcYFLELa0P3Qetfl9tibWsuEmXXI6ZU-Bb_81lF6Wr6ldK6mplIiCtVBh_9OjpvA"; e_fb_vipport="AcLSS6zB_Ba2PEP8qBmIMi2r51WQUiJCa9WRbqz9FqPtFvJRsxh2n68qUSbO"; e_upip="AcK6CHH_MufZTmy21T33SG32ccpuLI9ek6utR041GMmnBDsVgWAD8so5R7y-k1VOU5E5l34TKGGkrUu8eMu_te7lbM4yCpSKp8I"; e_fb_requestsequencenumber="AcLUbWFQHFpIT79tmao0-vBbJ1pVbIgC0mR415Cjfjh5I-Lq2zZTGcYf5ad0Fg"; e_fb_hostheader="AcJGqiZhx-ChCjRa_rxRzOYV5fjZGIRVdCArztY4L-qdnF2MbF-uGFr6Z6DElszuiPUz1Sch"; e_fb_vipaddr="AcIp3oMOhFfG9-Kgg34RCFZgE7-UcrsptujW57DIlOuAqGFvOu_3ZknhntFH2SaoMFET8hSDv9DexWomytuCoVkQnoXxtAvmGQ"; e_fb_requesthandler="AcJi7Zrt8PoyP6MmdNkxMuMiHWj4cV4uNCIRWTZ_vaWi502-snW5H8LSbaY_GoKTJCbTMBihWDU"; e_fb_requesttime="AcIajQaAWskFE5UzTKbl4AdJffhB-uGTb3KBuJSl8Xcw-1gzLn0IzYYOkUEKTB0VoWy3HCuLHg"; e_fb_builduser="AcJVDUCEGNsNKcWTbV-HNcqlJ9IYf3jZcYe_4GTm2ui3di6Y8OC9yRa6AdRJTyG25IU"; e_fb_httpversion="AcIi7WpEj4fMiyokJpkgoxOIzw4nkWqc-Fzlu9mc_zUT8IR8lPYGMVi1QAWu"; e_fb_binaryversion="AcIY2x20v8pgU06B9RuhPHpBKkfZgh9jozV5nnpvNmbBfHLbJiQc7SaG3oR8eX05ydLUn_S3m3U4jH2UcLzCA4TKDPtTnG1viXk"; e_proxy="AcK4OZuOVLx2AXbsz2GPw6ndwZ1ih9jWiWzLyVMqYflV3eWPusvNhHrJyZBYDJ9JsefWfkfA0lq_7M0lvQ0", http_request_error; e_fb_configversion="AcJL2qxZLfMc1JWVWu7c3-0F40-hsToQ5W8MeZpjA1_91Fas5Y4TDQX9KWg2NA"; e_clientaddr="AcIb-AmdwdndXuHK0rqs6H3hYdG1ccWY5OwScCy23gtisNA3RYIcmgJWUxXJ04vIiwXREUXG31TQFZ8icg"; e_fb_vipport="AcL4IZiIMNXTFDyGBjbfGT__hw26vuDyBJGRasiTviLKwrkvPGdUUZlbXF-4"; e_upip="AcIc9-Jk-d3rMz7bjDjn9SieE8iWaOQAcwI3_mXVWXgzIRzwiSAY1DHjhEEx5Hacn3lmX-AamXx9LUSj786GM4H323jjkqOoDA"; e_fb_requestsequencenumber="AcIfadSL_jStYVrIE7CJksigUit81N6C6opI-NyW3QlVLytAiuszyUk_yg"; e_fb_hostheader="AcJmVC9mtrM3lkcMX4WDZCR6QhwkilYpzH5LMWJZYaJA-m0hcAk_vF3DoWmU_nbBU2Va7U_i"; e_fb_vipaddr="AcIoTuZsFuVNLAxEmcNXstRiZxNl_Lwty1u1gtn5_gPE6jqT7zF6AWdXSqHGxmA4ZIQYXoA"; e_fb_requesthandler="AcKEISek4QlnS4e7WgCefnPi4aeKXHGuOulZFtjqyvEzZ0HZdxcXUuen_c1YZdTw3PG9K7Lpz8pdP0EUMbNGapbR"; e_fb_requesttime="AcL7cUylICoxKEAXp57w_eBswu7GIov0qU2vqK64aXrU5Qb3luxT-Pg_Z03r9TniVf3rLd7Pyw"; e_fb_builduser="AcKfmJiIOiF3xqTO6qwXDE0fqhYDmnTqdDDiPn8qKWB2rrcYWyPG-fhrIfpFmL3G5kc"; e_fb_httpversion="AcKF9GUURrTEBW_-aZJCnAriQUfUh8NjiK8CvRAnLsiE7ub1fi4vVoJ5t3St"; e_fb_binaryversion="AcJWN5CqxmAx_1PX35cLDNAqYi8nkIzBVGteWPzGCTDJJnivzSefrBUIYRTp8Y4zVNIdNIRNjgPATS6xAOhtOz-lNjodwwzjQRQ"; e_proxy="AcL6ROEvgMD-fpt3cEOvMU5FneHaI-IpD7NoGjMN7sTL1yhlvIKO00oI1-w5nImI6SFyq1zAL4St38ez".
+ /robots.txt: Entry '/static_map.php' is returned a non-forbidden or redirect HTTP code (500). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /robots.txt: Entry '/map_tile.php' is returned a non-forbidden or redirect HTTP code (500). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /robots.txt: contains 712 entries which should be manually viewed. See: https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt
+ Server is using a wildcard certificate: *.facebook.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ /status.php: Uncommon header 'x-fb-healthcheck' found, with contents: 0.
+ /status.php: Uncommon header 'x-fb-svn-revision' found, with contents: 1012737330.
+ /status.php: Uncommon header 'x-fb-serverinfo' found, with contents: 6576,0,C3,100,10000,25,6,6.
+ /status.php: Uncommon header 'x-fb-healthcached' found, with contents: 0.
+ /courier/intermediate_login.html: Cookie statecode created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /view2.html: Cookie dvr_camcnt created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /view2.html: Cookie dvr_usr created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /view2.html: Cookie dvr_pwd created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /.well-known/assetlinks.json: Uncommon header 'content-disposition' found, with contents: inline;filename=assetlinks.json.
+ /.well-known/assetlinks.json: Google Asset Links Specification file may contain server info. See: RFC-5785 https://github.com/google/digitalassetlinks/blob/master/well-known/details.md
+ /.well-known/openid-configuration: Uncommon header 'x-fb-rev' found, with contents: 1012737330.
+ /.well-known/openid-configuration: Uncommon header 'x-fb-request-id' found, with contents: AGAMxW4nFOCbZRTg3KerPlC.
+ /.well-known/openid-configuration: Uncommon header 'x-fb-trace-id' found, with contents: DtIfNyo2kWN.
+ /.well-known/openid-configuration: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /.well-known/openid-configuration: OpenID Provider Configuration Information.
+ /apple-app-site-association: Apple Universal Links. See: https://developer.apple.com/documentation/xcode/allowing-apps-and-websites-to-link-to-your-content
+ /.well-known/apple-app-site-association: Apple Universal Links.
+ /.well-known/assetlinks.json: Android App Links.
+ 8001 requests: 0 error(s) and 30 item(s) reported on remote host
+ End Time:           2024-04-12 10:53:27 (GMT-4) (292 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
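The cookie findings (Secure flag missing on /view2.html and /courier/intermediate_login.html), the missing X-Content-Type-Options on /.well-known/openid-configuration, and the X-Frame-Options-versus-frame-ancestors note on /robots.txt are all header-level checks that can be reproduced and re-verified by hand. The script below is an added example, not Nikto's code and not part of the report: it parses raw HTTP response heads and emits the same three classes of finding. The three responses and their cookie values are constructed inline for the example; the paths and cookie names only mirror the report so the output is comparable.

```python
"""Header and Set-Cookie audit reproducing three Nikto finding classes.

Added example, not Nikto code. Input is a raw HTTP/1.1 response head
(status line plus headers); output is a list of finding strings.
"""
from dataclasses import dataclass, field


@dataclass
class Response:
    path: str
    status: int
    headers: list = field(default_factory=list)  # [(name_lower, value)]


def parse_response(path: str, raw: str) -> Response:
    """Parse a raw response head into a Response. Header names are
    lower-cased; repeated headers (Set-Cookie) are kept in order."""
    lines = raw.strip("\r\n").split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if not line:  # end of head
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return Response(path, status, headers)


def cookie_attrs(set_cookie: str):
    """Split a Set-Cookie value into (cookie name, {attr_lower: value})."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name, attrs


def audit(resp: Response) -> list:
    """Return findings for missing cookie flags and the two header checks."""
    findings = []
    names = {n for n, _ in resp.headers}
    for n, v in resp.headers:
        if n != "set-cookie":
            continue
        cname, attrs = cookie_attrs(v)
        if "secure" not in attrs:
            findings.append(f"{resp.path}: cookie {cname} created without the Secure flag")
        if "httponly" not in attrs:
            findings.append(f"{resp.path}: cookie {cname} created without the HttpOnly flag")
        # Browsers drop SameSite=None cookies that are not also Secure.
        if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
            findings.append(f"{resp.path}: cookie {cname} has SameSite=None without Secure")
    if "x-content-type-options" not in names:
        findings.append(f"{resp.path}: X-Content-Type-Options header is not set")
    csp = " ".join(v for n, v in resp.headers if n == "content-security-policy")
    if "x-frame-options" in names and "frame-ancestors" not in csp:
        findings.append(f"{resp.path}: X-Frame-Options used without a CSP frame-ancestors directive")
    return findings


# Constructed sample responses (not captured from facebook.com).
SAMPLE_VIEW2 = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: dvr_usr=guest; Path=/\r\n"
    "Set-Cookie: dvr_pwd=; Path=/; HttpOnly\r\n"
    "X-Content-Type-Options: nosniff\r\n\r\n"
)
SAMPLE_OIDC = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Security-Policy: default-src 'self'\r\n\r\n"
)
SAMPLE_GOOD = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: sid=abc; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Security-Policy: frame-ancestors 'none'\r\n\r\n"
)


def run_samples() -> dict:
    """Audit the three constructed responses; returns {path: findings}."""
    samples = {
        "/view2.html": SAMPLE_VIEW2,
        "/.well-known/openid-configuration": SAMPLE_OIDC,
        "/hardened": SAMPLE_GOOD,
    }
    return {p: audit(parse_response(p, raw)) for p, raw in samples.items()}


if __name__ == "__main__":
    for path, findings in run_samples().items():
        for f in findings or [f"{path}: no findings"]:
            print("+", f)
```

To run it against a live host, feed `parse_response` the head returned by `http.client` for each path the scanner flagged. Scanner hits such as the cookie names on /view2.html should be confirmed by hand before reporting, because a catch-all page that answers every path can generate many findings that are not specific to the target.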
Target: facebook.com
Scan method: Nikto no limit SSL scan
Run command: nikto -host facebook.com -ssl
Scan time: 292s
Scan date: 12 Apr 2024 10:53
Some firewalls block Nikto. To get true-positive results, add the nikto.online scanner addresses (172.96.166.66-172.96.166.70, or the CIDR block 172.96.166.64/29) to your firewall whitelist.