
Security Scanner Report PDF

The document summarizes the results of a security scan of a website. The scan found several security issues including cookies not being set with the secure flag, lack of automatic redirection from HTTP to HTTPS, and missing security headers that help prevent cross-site scripting and content spoofing attacks. The overall security health score was 48 out of 100, indicating potential risks exist that should be addressed.

pruebaausencio.epizy.com
Astra Security Scanner Report Tue 10 November, 2020

Summary

Astra Health Score: 48/100
Security Blacklist Presence: 0
Google Safe Browsing Rating: Safe

Health Scan Results

Issue Type Severity

Session cookie set without using the Secure flag or set over HTTP
Type: Cookie Security
Severity: High
Cookies are often used in applications to identify and authenticate a user, so stealing a
cookie can lead to hijacking of the authenticated user's session. Session cookies set by your
website are not using the Secure flag or they are set over HTTP. Please follow our
remediation guide to ensure that your website is following security best practices.

Does not redirect to an HTTPS site
Type: HTTPS Security
Severity: High
Your website is not automatically redirected to the HTTPS version of your site when visited
using an HTTP URL. If HTTPS is enabled on the server/host, please configure it to automatically redirect
HTTP URLs to the HTTPS URL.

HTTP Strict Transport Security (HSTS) header cannot be set for sites not available over HTTPS
Type: Header Security
Severity: High
HTTP Strict Transport Security (HSTS) header cannot be set for sites not available over
HTTPS.

X-XSS-Protection header not implemented
Type: Header Security
Severity: High
The X-XSS-Protection header is designed to enable the cross-site scripting (XSS) filter built
into modern web browsers. The X-XSS-Protection header is not implemented on this website.
Implementing the X-XSS-Protection security header is an important way to keep your site
and your visitors safe from attacks and hackers.

X-Content-Type-Options header not implemented
Type: Header Security
Severity: Medium
The X-Content-Type-Options header indicates that the MIME type specified by the server should not be
changed and should be followed. The X-Content-Type-Options header is not implemented.

X-Frame-Options (XFO) header not implemented
Type: Header Security
Severity: Medium
This header tells your browser how to behave when handling your site's content. The main
reason for its inception was to provide clickjacking protection by not allowing rendering of a
page in a frame. This can include rendering of a page in a frame, iframe, or object. Iframes
are used to embed and isolate third-party content into a website. The X-Frame-Options (XFO)
header was not found on this website.

Content Security Policy (CSP) header not implemented
Type: Header Security
Severity: Low
Our scanners were not able to detect a Content Security Policy (CSP) header amongst the
headers returned by your site.
