Security Audit

Perform a basic security audit on your website and see what kind of vulnerabilities are affecting it.

duckduckgo.com

Hosted at 52.149.246.39

90/100

Astra Health Score
Your site does not appear to be blacklisted.

Security Audit Results

We detected suboptimal or unsafe practices on your website. Please see the list below for more details.

  • Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src. [Header Security, Medium]
    Description:

    Content Security Policy (CSP) is an additional security layer that helps detect and mitigate certain types of attacks such as Cross-Site Scripting (XSS). Such attacks can also be used for data theft, site defacement or even distribution of malware. The Content Security Policy (CSP) implemented on your site is unsafe. This includes usage of unsafe-inline or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src. Please follow our remediation guide to migrate to a safe Content Security Policy.

    Remediation:

    Follow this guide to fix this, find the guide here.

  • Referrer-Policy header set unsafely to "origin", "origin-when-cross-origin", or "unsafe-url". [Header Security, Medium]
    Description:

    The Referrer-Policy header controls how much referrer information should be included with requests. The Referrer-Policy header is set unsafely to "origin", "origin-when-cross-origin", or "unsafe-url". The "unsafe-url" value will send the origin, path, and query string as referrer when performing any request, regardless of security.

    Remediation:

    Follow this guide to fix this, find the guide here.
