Security Audit
Astra Health Score: 53/100
Security providers have blacklisted your site.
Security Audit Results
We detected suboptimal or unsafe practices on your website. Please see the list below for more details.
-
Your site was flagged by G-Data (Category: Blacklist, Severity: High)
Description: G-Data flagged your site as potentially containing malicious content.
Remediation: Contact Astra for immediate Blacklist Removal
-
X-XSS-Protection header not implemented (Category: Header Security, Severity: High)
Description: The X-XSS-Protection header is designed to enable the cross-site scripting (XSS) filter built into modern web browsers. The X-XSS-Protection header is not implemented on this website. Implementing the X-XSS-Protection security header is an important way to keep your site and your visitors safe from attacks and hackers.
Remediation: Follow this guide to fix this. Find the guide here.
-
Your site was flagged by CRDF (Category: Blacklist, Severity: High)
Description: CRDF flagged your site as potentially containing malicious content.
Remediation: Contact Astra for immediate Blacklist Removal
-
HTTP Strict Transport Security (HSTS) header not implemented (Category: Header Security, Severity: Medium)
Description: HTTP Strict Transport Security (HSTS) header not implemented.
Remediation: Follow this guide to fix this. Find the guide here.
-
X-Content-Type-Options header not implemented (Category: Header Security, Severity: Medium)
Description: The X-Content-Type-Options header indicates that the MIME type specified by the server should not be changed and should be followed. The X-Content-Type-Options header is not implemented.
Remediation: Follow this guide to fix this. Find the guide here.
-
X-Frame-Options (XFO) header not implemented (Category: Header Security, Severity: Medium)
Description: This header tells your browser how to behave when handling your site's content. The main reason for its inception was to provide clickjacking protection by not allowing rendering of a page in a frame. This can include rendering of a page in a frame, iframe, or object. Iframes are used to embed and isolate third-party content into a website. The X-Frame-Options (XFO) header was not found on this website.
Remediation: Follow this guide to fix this. Find the guide here.
-
Content Security Policy (CSP) header not implemented (Category: Header Security, Severity: Low)
Description: Our scanners were not able to detect a Content Security Policy (CSP) header among the headers returned by your site.
Remediation: Follow this guide to fix this. Find the guide here.
-
Subresource Integrity (SRI) not implemented, but all external scripts are loaded over HTTPS (Category: HTTP Security, Severity: Info)
Description: Subresource Integrity enables you to mitigate some risks of attacks by ensuring that the files your web application or web document fetches (from a CDN or anywhere) have been delivered without a third party having injected any additional content into those files and without any other changes of any kind having been made to those files. Great job loading all scripts via HTTPS. Implementing SRI will help you make your website more secure.
Remediation: Follow this guide to fix this. Find the guide here.