Security Audit
google.com
Hosted at 216.239.38.117 and 2001:4860:4802:32::75
Astra Health Score: 71/100
Security Audit Results
We detected suboptimal or unsafe practices on your website. Please see the list below for more details.
- X-XSS-Protection header set to 0 (disabled) (Header Security, High)
Description: The X-XSS-Protection header is designed to enable the cross-site scripting (XSS) filter built into modern web browsers. Explicitly setting the X-XSS-Protection header to "0" will allow an attacker to perform an XSS attack on your users.
Remediation: The recommended configuration is to set this header to the following value, which will enable the XSS protection and instruct the browser to block the response if a malicious script has been inserted from user input, instead of sanitizing it: x-xss-protection: 1; mode=block.
- Cookies use SameSite flag, but set to something other than Strict or Lax (Cookie Security, Medium)
Description: The SameSite attribute present on the cookies set by your site is invalid. The SameSite value must be either unset, Strict, or Lax.
Remediation: Follow this guide to fix this; find the guide here.
- Referrer-Policy header set unsafely to "origin", "origin-when-cross-origin", or "unsafe-url" (Header Security, Medium)
Description: The Referrer-Policy header controls how much referrer information should be included with requests. The Referrer-Policy header is set unsafely to "origin", "origin-when-cross-origin", or "unsafe-url". The "unsafe-url" value will send the origin, path, and query string as the referrer when performing any request, regardless of security.
Remediation: Follow this guide to fix this; find the guide here.
- X-Content-Type-Options header not implemented (Header Security, Medium)
Description: The X-Content-Type-Options header indicates that the MIME type specified by the server should not be changed and should be followed. The X-Content-Type-Options header is not implemented.
Remediation: Follow this guide to fix this; find the guide here.
- Content Security Policy (CSP) header not implemented (Header Security, Low)
Description: Our scanners were not able to detect a Content Security Policy (CSP) header among the headers returned by your site.
Remediation: Follow this guide to fix this; find the guide here.
- Redirects to HTTPS eventually, but initial redirection is to another HTTP URL (HTTPS Security, Low)
Description: Multiple HTTP to HTTPS redirections were found on your site. It redirects to HTTPS eventually, but the initial redirection is to another HTTP URL.
Remediation: Follow this guide to fix this; find the guide here.