Scan Results
Here is what we found for xcii.my. Review the checks below and take action on anything flagged in red.
Overall Score: 77/100
Your website has a solid foundation but there are several areas that need attention to improve rankings and performance.
Website Preview
Google SERP Preview
This is how your page may appear in Google search results.
WordPress Detected
Running the latest version.
Version is publicly visible. Hide it with remove_action('wp_head', 'wp_generator')
Twenty Twenty-Five emphasizes simplicity and adaptability. It offers flexible design options, supported by a variety of patterns for different page types, such as services and landing pages, making it ideal for building personal blogs, professional portfolios, online magazines, or business websites. Its templates cater to various blog styles, from text-focused to image-heavy layouts. Additionally, it supports international typography and diverse color palettes, ensuring accessibility and customization for users worldwide.
wp-login.php is publicly accessible. Consider hiding it with a plugin like WPS Hide Login or restrict by IP.
Usernames visible via REST API: admin. Disable with disable_rest_api_users or a security plugin.
XML-RPC enables brute-force and DDoS amplification attacks. Disable with add_filter('xmlrpc_enabled', '__return_false') or block in .htaccess.
Public wp-cron.php can be abused for DDoS. Set define('DISABLE_WP_CRON', true) and use a real server cron job instead.
Author enumeration exposes usernames for brute-force attacks. Block with a security plugin or redirect rule.
Remove unnecessary head links: remove_action('wp_head', 'rsd_link'), remove_action('wp_head', 'wlwmanifest_link'), remove_action('wp_head', 'wp_oembed_add_discovery_links')
Domain Information
CDN & Infrastructure
Cloudflare edge — 2606:4700:3032::6815:595
cloudflare
PageSpeed Insights
Powered by Google Lighthouse. Scores are out of 100.
Detailed Analysis
SEO
Search engine optimisation checks
Page Title
Title: "xciimy" (6 chars). Too short. Aim for 50-60 characters for optimal SERP display.
Meta Description
No meta description found. Google will auto-generate one, which may not represent your page well.
H1 Heading
One H1 heading found correct structure.
Image Alt Attributes
No images found on the page.
Canonical URL
No canonical tag found. Without it, search engines may index multiple versions of the same page.
<link rel="canonical" href="YOUR_PAGE_URL"> pointing to the preferred version of each page. Robots Noindex Check
No noindex directive found your page is eligible for Google indexing.
Schema.org Structured Data
No structured data found. Adding Schema.org markup can improve how your page appears in Google search.
URL Length
URL is 15 characters. Good — short URLs are easier to share and rank better in search.
Content Length
34 words detected. Very thin content. Search engines may not consider this page valuable enough to rank.
Hreflang Tags
No hreflang tags found. If your site targets multiple languages or regions, add hreflang tags to avoid duplicate content issues across locales.
Noindex Header Test
No noindex directive in HTTP headers (X-Robots-Tag). The server is not blocking indexing via response headers.
Robots.txt
robots.txt file found with valid directives. This file controls which parts of your site search engines can crawl.
Blocked by Robots.txt
This page is NOT blocked by robots.txt. Search engines are free to crawl and index it.
LLM.txt
No llms.txt file found. Adding one helps AI assistants provide accurate information about your business when users ask.
XML Sitemap
XML sitemap found at /sitemap.xml. Also referenced in robots.txt.
WWW Redirect Consistency
Both www and non-www versions resolve but serve separate content. www.xcii.my does not redirect to xcii.my. This causes duplicate content in search engines.
Security
Security and safety checks
HTTPS / SSL Certificate
Your site uses HTTPS good for security and Google rankings.
Security Headers
1 of 5 security headers found: Strict-Transport-Security (HSTS).
Server Technology Exposure
No server technology or version information is leaked in HTTP headers.
Permissions-Policy
No Permissions-Policy header. Third-party scripts could access browser features like camera, microphone, or geolocation without restriction.
Referrer-Policy
No Referrer-Policy set. The browser will send the full URL as referrer to third-party sites, potentially leaking private URLs or query strings.
Google Safe Browsing
Checking Google Safe Browsing…
VirusTotal Reputation
Checking VirusTotal threat intelligence…
Malware & Suspicious Code
No common malware indicators found in the page source. No hidden iframes, obfuscated scripts, crypto miners, or suspicious redirects detected.
Cookie Security
All cookies have proper security attributes, or no cookies were set on initial load.
Mixed Content
No mixed content detected. All resources load over HTTPS.
JS Library Versions
No outdated JavaScript libraries detected in page source.
Staging / Debug References
No staging, development, or debug references found in page source.
Performance
Speed and delivery checks
Server Response Time
Your server responded in 0.86s. Excellent response time.
HTML Page Size
HTML size is 68 KB lightweight and fast to download.
Gzip / Brotli Compression
Compression is enabled pages are served compressed to reduce transfer size.
Cache Headers
Caching is active: CF-Cache-Status: DYNAMIC.
China Firewall Compatibility
Server location: Canada.
Mobile & UX
Mobile-friendliness and user experience
Viewport Meta Tag
Viewport meta tag is present your site should render properly on mobile devices.
Favicon
No favicon link tag detected. Your site will show a generic icon in browser tabs and bookmarks.
<link rel="icon"> to your <head>. Social & Analytics
Social sharing and tracking
Open Graph Tags
No Open Graph tags found. Shared links on social media will show generic previews instead of your custom title, image, and description.
Analytics Detection
Analytics detected: Google Analytics 4.
Need help fixing these issues?
Our team can optimise your website for speed, SEO, and security. Get a free consultation no obligations.
FAQ
Website Scan FAQ
Common questions about our free website scanning tool.
Disclaimer: This scan is provided for informational purposes only and does not constitute professional security advice. XCII Technologies makes no warranties regarding the accuracy, completeness, or reliability of the results. Third-party data sources used in this report include:
- Domain & WHOIS data — sourced via the IANA RDAP Bootstrap service, with registry and registrar RDAP referral. Providers include MYNIC (.my domains), Google Registry (.app, .dev, .page, .new and other Google TLDs), Verisign, PIR (.org), Identity Digital, Aliyun, CNNIC (.cn domains), and individual registrar RDAP endpoints. Accuracy depends on the respective provider.
- PageSpeed Insights — performance, accessibility, best practices, and SEO audits are powered by Google PageSpeed Insights and Lighthouse. Results may vary between runs.
- Google Safe Browsing — threat detection data is provided by Google Safe Browsing. A clean result does not guarantee the site is free from all threats.
- VirusTotal — domain and IP reputation data is provided by VirusTotal (a Google subsidiary). Results reflect analysis from 70+ security vendors and may include false positives.
- WPScan Vulnerability Database — WordPress vulnerability data is provided by WPScan. Coverage depends on their database and may not include all known vulnerabilities.
- WPVulnerability Database — WordPress, PHP, Apache, and nginx vulnerability data is provided by WPVulnerability. This free, community-maintained database may not include all known vulnerabilities.
- WordPress.org & Envato — plugin and theme metadata is sourced from WordPress.org and Envato/CodeCanyon APIs.
- Joomla Extensions Directory — Joomla extension metadata is sourced from the Joomla Extensions Directory (JED). Not all extensions may be listed in JED.
- Server geolocation — IP-based server location data is provided by ip-api.com. Geolocation accuracy may vary.
XCII Technologies is not affiliated with any of the above services and is not responsible for the data they provide. Use this report at your own discretion.
Recent Scans
Recently Scanned Websites
See the latest websites scanned by our tool. Try scanning yours!