Security Analysis
Security analysis evaluates the security of your website primarily by analyzing HTTP headers and TLS/SSL configurations. It identifies potential vulnerabilities and provides recommendations for enhancing site security.
HTTP headers
The headers below are checked for presence and for appropriately safe values. The checks cover the essential security headers that protect against XSS, clickjacking, and other attacks. Missing or misconfigured headers are flagged with recommendations for improvement.
Access-Control-Allow-Origin
Strict-Transport-Security
X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Referrer-Policy
Content-Security-Policy
Feature-Policy
Permissions-Policy
Server
X-Powered-By
Set-Cookie
Cookie Security
Ensures cookies are set with HttpOnly, Secure, and SameSite attributes to prevent common web vulnerabilities.
HTML content
The HTML check only verifies that forms are not submitted over unsecured http:// and that there are no <iframe> elements with content loaded from unsecured http://.
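The check described above, sketched as an added example (not the crawler's own code). It goes one step beyond the stated check by resolving relative and protocol-relative URLs against the page URL, so a form with no action on an http:// page is also reported; the names find_insecure_references and SAMPLE_HTML and the example.test hosts are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page body (not real crawler input).
SAMPLE_HTML = """
<form action="http://example.test/login" method="post"></form>
<form action="/search"></form>
<form method="post"></form>
<iframe src="http://ads.example.test/banner"></iframe>
<iframe src="//video.example.test/embed/1"></iframe>
<iframe src="https://maps.example.test/embed"></iframe>
"""


class InsecureReferenceFinder(HTMLParser):
    """Collects <form action> and <iframe src> targets that resolve to http://."""

    WATCHED = {"form": "action", "iframe": "src"}  # tag -> URL attribute

    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.findings = []  # list of (tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        attr_name = self.WATCHED.get(tag)  # HTMLParser lowercases tag names
        if attr_name is None:
            return
        raw = (dict(attrs).get(attr_name) or "").strip()
        if not raw and tag != "form":
            return  # an iframe without src loads nothing
        # A form without an action submits to the page's own URL.
        resolved = urljoin(self.page_url, raw)
        if urlsplit(resolved).scheme == "http":
            self.findings.append((tag, resolved))


def find_insecure_references(page_url, html):
    """Return (tag, url) pairs for forms and iframes that use plain HTTP."""
    finder = InsecureReferenceFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for tag, url in find_insecure_references("https://example.test/", SAMPLE_HTML):
        print(f"insecure <{tag}> target: {url}")
```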
TLS/SSL Protocol Support
Reviews SSL/TLS configurations, recommending webserver updates if outdated or insecure protocols are supported.
This analysis helps in securing your website by identifying critical areas where security configurations can be improved.
💡 What would you improve?
If you have ideas on how to improve security analysis based on the data available to the crawler, don't be afraid to send a feature request (for the desktop application or the command-line interface) with a suggestion for improvement. We are happy to consider and implement it if it will benefit more users.