Security Audit

Perform a basic security audit on your website and see what kind of vulnerabilities are affecting it.

www.tenable.com

Hosted at 104.16.54.62 and 2606:4700::6810:353e


83/100

Astra Health Score
Your site does not appear to be blacklisted.

Security Audit Results

We detected suboptimal or unsafe practices on your website. Please see the list below for more details.

  • Subresource Integrity (SRI) not implemented, and external scripts are loaded over HTTP (category: HTTP Security; severity: Medium)
    Description:

    Subresource Integrity (SRI) lets you mitigate some attack risks by ensuring that the files your web application or web document fetches (from a CDN or anywhere else) have been delivered without a third party having injected additional content into them and without any other changes having been made to them. Loading external scripts over HTTPS and implementing SRI will reduce the risk of files being modified by third parties or attackers.

    Remediation:

    Follow this guide to fix this, find the guide here.

  • Cookies use SameSite flag, but set to something other than Strict or Lax (category: Cookie Security; severity: Medium)
    Description:

    The SameSite attribute on the cookies set by your site is invalid. The SameSite value must be either unset, Strict, or Lax.

    Remediation:

    Follow this guide to fix this, find the guide here.

  • X-Frame-Options (XFO) header not implemented (category: Header Security; severity: Medium)
    Description:

    This header tells the browser how to behave when handling your site's content. It was introduced mainly to provide clickjacking protection by not allowing a page to be rendered in a frame, which can mean a frame, an iframe, or an object. Iframes are used to embed and isolate third-party content in a website. The X-Frame-Options (XFO) header was not found on this website.

    Remediation:

    Follow this guide to fix this, find the guide here.

  • Content Security Policy (CSP) header not implemented (category: Header Security; severity: Low)
    Description:

    Our scanners were not able to detect a Content Security Policy (CSP) header among the headers returned by your site.

    Remediation:

    Follow this guide to fix this, find the guide here.
