***** RFIURL is not defined in nikto.conf--no RFI tests will run *****
Nikto v2.1.6
---------------------------------------------------------------------------
Target IP:          23.108.108.219
Target Hostname:    emrl.com
Target Port:        443
---------------------------------------------------------------------------
SSL Info:        Subject:  /CN=*.opalstack.com
                   Ciphers:  ECDHE-RSA-AES128-GCM-SHA256
                   Issuer:   /C=US/O=Let's Encrypt/CN=R10
Start Time:         2025-01-01 14:48:07 (GMT-8)
---------------------------------------------------------------------------
Server: nginx
The anti-clickjacking X-Frame-Options header is not present.
The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
Uncommon header 'link' found, with contents: <https://emrl.com/wp-json/>; rel="https://api.w.org/"
The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
Uncommon header 'x-redirect-by' found, with contents: Yoast SEO
Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x0 0x628bf782f6c3a 
The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
Server is using a wildcard certificate: *.opalstack.com
Hostname 'emrl.com' does not match certificate's names: *.opalstack.com
Web Server returns a valid response with junk HTTP methods, this may cause false positives.
DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
354 requests: 0 error(s) and 12 item(s) reported on remote host
End Time:           2025-01-01 14:51:49 (GMT-8) (222 seconds)
---------------------------------------------------------------------------
1 host(s) tested