securityheaders follows redirect that doesn't exist

Submitting [weinzierlweb.com](https://weinzierlweb.com) to securityheaders.com actually scans [unstable.weinzierlweb.com](https://unstable.weinzierlweb.com) 

![image](https://user-images.githubusercontent.com/687096/109390452-07abbd80-7912-11eb-889e-00af2f8b0fcc.png)

If I'm not completely confused there is no such redirect and has not been in the recent past. There is no HTTP redirect, both domains return 200, serve different pages and show different content in the browser. Their DNS records point to different IPs as follows:  

* [weinzierlweb.com](https://weinzierlweb.com) 
A 46.101.253.80
AAAA 

* [unstable.weinzierlweb.com](https://unstable.weinzierlweb.com) 
**no A record**
AAAA 2a03:b0c0:3:d0:0:0:70:d001

_Note that the second domain is IPv6 only._

Other tools properly report the correct site:

![image](https://user-images.githubusercontent.com/687096/109390671-5c9c0380-7913-11eb-98c0-d0702724a76d.png)

![image](https://user-images.githubusercontent.com/687096/109390780-db913c00-7913-11eb-90ef-30351de86f38.png)

These are not cached reports as you can see from the dates. They were  made roughly at the same time I did the securityheaders.com report.

This is most probably a strange and minor corner case but I thought I report it.
I'm curious what is going on here. Thanks for making securityheaders.com freely available!


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

securityheaders follows redirect that doesn't exist #94

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

securityheaders follows redirect that doesn't exist #94

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions