Security Audit
70/100
Astra Health ScoreSecurity Audit Results
We detected suboptimal or unsafe practices on your website. Please see the list below for more details.
-
Csp Implemented With Unsafe Inline Best Practice Medium
Description:Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src..
-
Cookies Without Secure Flag But Protected By Hsts Best Practice Medium
Description:Cookies set without using the Secure flag, but transmission over HTTP prevented by HSTS.
-
Sri Not Implemented But External Scripts Loaded Securely Best Practice Medium
Description:Subresource Integrity (SRI) not implemented, but all external scripts are loaded over HTTPS.