Perform a basic security audit on your website and see what kind of vulnerabilities are affecting it.
Astra Health Score: 75/100
Security Audit Results
We detected suboptimal or unsafe practices on your website. Please see the list below for more details.
X-XSS-Protection header not implemented
Category: Header Security. Severity: High.
Description:
The X-XSS-Protection header is designed to enable the cross-site scripting (XSS) filter built into modern web browsers. The X-XSS-Protection header is not implemented on this website. Implementing the X-XSS-Protection security header is an important way to keep your site and your visitors safe from attacks and hackers.
Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src.
Category: Header Security. Severity: Medium.
Description:
Content Security Policy (CSP) is an additional security layer that helps detect and mitigate certain types of attacks such as Cross-Site Scripting (XSS). Such attacks can also be used for data theft, site defacement or even distribution of malware. The Content Security Policy (CSP) implemented on your site is unsafe. This includes usage of unsafe-inline or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src. Please follow our remediation guide to migrate to a safe Content Security Policy.
Subresource Integrity (SRI) not implemented, and external scripts are loaded over HTTP
Category: HTTP Security. Severity: Medium.
Description:
Subresource Integrity enables you to mitigate some risks of attacks by ensuring that the files your web application or web document fetches (from a CDN or anywhere) have been delivered without a third party having injected any additional content into those files and without any other changes of any kind having been made to those files. Loading external scripts over HTTPS and implementing Subresource Integrity (SRI) will reduce the risk of files being modified by third parties or attackers.
X-Content-Type-Options header not implemented
Category: Header Security. Severity: Medium.
Description:
The X-Content-Type-Options header indicates that the MIME type specified by the server should not be changed and should be followed. The X-Content-Type-Options header is not implemented.