Security Audit

Perform a basic security audit on your website and see what kind of vulnerabilities are affecting it.

Astra Health Score: 71/100

2 security providers have blacklisted your site.

Security Audit Results

We detected suboptimal or unsafe practices on your website. Please see the list below for more details.

  • Your site was flagged by CLEAN MX (Blacklist, High)
    Description:

    CLEAN MX flagged your site as potentially containing malicious content.

    Remediation:

    Contact Astra for immediate Blacklist Removal

  • Your site was flagged by CRDF (Blacklist, High)
    Description:

    CRDF flagged your site as potentially containing malicious content.

    Remediation:

    Contact Astra for immediate Blacklist Removal

  • Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src. (Header Security, Medium)
    Description:

    Content Security Policy (CSP) is an additional security layer that helps detect and mitigate certain types of attacks such as Cross-Site Scripting (XSS). Such attacks can also be used for data theft, site defacement or even distribution of malware. The Content Security Policy (CSP) implemented on your site is unsafe. This includes usage of unsafe-inline or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src. Please follow our remediation guide to migrate to a safe Content Security Policy.

    Remediation:

    Follow this guide to fix this, find the guide here.

  • Anti-CSRF tokens set without using the SameSite flag (Cookie Security, Low)
    Description:

    SameSite prevents the browser from sending this cookie along with cross-site requests. The risk of cross-origin information leakage can be mitigated by using SameSite cookies. Our scanners detected that your website is using Anti-CSRF tokens but is not using SameSite attributes. SameSite is a new standard actively enforced by web browsers, and we recommend that you add the SameSite cookie attribute to all sensitive cookies.

    Remediation:

    Follow this guide to fix this, find the guide here.

  • Initial redirection from HTTP to HTTPS is to a different host, preventing HSTS (HTTPS Security, Low)
    Description:

    Your website is initially redirected to the canonical HTTPS URL from a non-canonical HTTP URL. As HSTS only applies to the host that sends it, the policy will only apply to the canonical HTTPS URL. It is recommended to first redirect the non-canonical HTTP URL to the non-canonical HTTPS URL (same domain) and then redirect to the canonical HTTPS URL.

    Remediation:

    Follow this guide to fix this, find the guide here.
