kısaca eksik kısımlar

Strict-Transport-Security
Content-Security-Policy
X-Frame-Options
X-Content-Type-Options
Referrer-Policy
Permissions-Policy
Directory listing open
HTTP Strict Transport Security (HSTS) not enforced
Email Security
DMARC policy not found
SPF policy uses ~all
Domain registrar deletion protection not enabled
Domain registrar update protection not enabled

-----------------------------------
[19:57:53] [INFO] testing URL 'http://kumas.org'
[19:57:53] [INFO] using '/tmp/sqlmapoutput25v0wz6a/results-02202021_0757pm.csv' as the CSV results file in multiple targets mode
[19:57:53] [INFO] testing connection to the target URL
got a 301 redirect to 'http://www.kumas.org/'. Do you want to follow? [Y/n] Y
[19:57:59] [INFO] checking if the target is protected by some kind of WAF/IPS
[19:58:09] [WARNING] reflective value(s) found and filtering out
[19:58:10] [INFO] testing if the target URL content is stable
[19:58:14] [ERROR] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent', skipping to the next URL
[*] ending @ 19:58:14 /2021-02-20/

Sql injection no risk .