Security Audit Results
Astra Health Score: 78/100
We detected suboptimal or unsafe practices on your website. Please see the list below for more details.
- X-XSS-Protection header cannot be recognized (Header Security, severity: High)
  Description: The website sends an X-XSS-Protection header, but its value is either invalid or does not conform to the specification.
  Remediation: Follow this guide to fix this; find the guide here.
- Session cookie set without using the HttpOnly flag (Cookie Security, severity: High)
  Description: Cookies are often used in applications to identify and authenticate a user, so stealing a cookie can lead to hijacking of the authenticated user's session. Login or session cookies on your site are set without the HttpOnly flag. When a cookie is set with the HttpOnly flag, it instructs the browser that the cookie is only to be sent to the server and cannot be accessed by client-side scripts. All login and session cookies should be set with the HttpOnly flag enabled whenever possible.
  Remediation: Follow this guide to fix this; find the guide here.
- Content Security Policy (CSP) header not implemented (Header Security, severity: Low)
  Description: Our scanners were not able to detect a Content-Security-Policy (CSP) header among the headers returned by your site.
  Remediation: Follow this guide to fix this; find the guide here.