Security Audit
0/100
Astra Health ScoreSecurity Audit Results
We detected suboptimal or unsafe practices on your website. Please see the list below for more details.
-
Csp Implemented With Unsafe Inline Best Practice Medium
Description:Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src..
-
Cookies Samesite Flag Invalid Best Practice Medium
Description:Cookies use SameSite flag, but set to something other than Strict or Lax.
-
Redirection Off Host From Http Best Practice Medium
Description:Initial redirection from HTTP to HTTPS is to a different host, preventing HSTS.
-
Sri Not Implemented And External Scripts Not Loaded Securely Best Practice Medium
Description:Subresource Integrity (SRI) not implemented, and external scripts are loaded over HTTP or use protocol-relative URLs via src="//...".
-
X Content Type Options Not Implemented Best Practice Medium
Description:X-Content-Type-Options header not implemented.
-
X Xss Protection Not Implemented Best Practice Medium
Description:X-XSS-Protection header not implemented.