Security Analysis
Security analysis evaluates the security of your website primarily by analyzing HTTP headers and TLS/SSL configurations. It identifies potential vulnerabilities and provides recommendations for enhancing site security.
Sample Results
The analyzer provides a detailed table showing security header status across your website:
Security

| Header | OK | Notice | Warning | Critical | Recommendation |
|---|---|---|---|---|---|
| Strict-Transport-Security | 45 | 0 | 0 | 3 | Strict-Transport-Security header is not set. It enforces secure connections and protects against MITM attacks. |
| X-XSS-Protection | 45 | 0 | 0 | 3 | X-XSS-Protection header is not set. It enables browser's built-in defenses against XSS attacks. |
| X-Frame-Options | 0 | 45 | 3 | 0 | X-Frame-Options header is set to SAMEORIGIN which allows this origin to embed the resource in a frame. |
| X-Content-Type-Options | 45 | 0 | 3 | 0 | X-Content-Type-Options header is not set. It stops MIME type sniffing and mitigates content type attacks. |
| Referrer-Policy | 45 | 0 | 3 | 0 | Referrer-Policy header is not set. It controls referrer header sharing and enhances privacy and security. |
| Content-Security-Policy | 48 | 0 | 0 | 0 | |
| Feature-Policy | 48 | 0 | 0 | 0 | |
| Permissions-Policy | 48 | 0 | 0 | 0 | |
| Server | 48 | 0 | 0 | 0 | Server header is not set or empty. This is recommended. |
The table provides:
- Status counts for each security header (OK, Notice, Warning, Critical)
- Specific recommendations for addressing identified issues
- Clear indication of which headers need immediate attention
HTTP headers
For HTTP headers, the analyzer checks each of the headers below: whether it is present (or absent, where absence is the safe state) and whether its value is appropriate. The checks cover the essential security headers that protect against XSS, clickjacking, and other attacks. Missing or misconfigured headers are flagged with recommendations for improvement.

- Access-Control-Allow-Origin
- Strict-Transport-Security
- X-Frame-Options
- X-XSS-Protection
- X-Content-Type-Options
- Referrer-Policy
- Content-Security-Policy
- Feature-Policy
- Permissions-Policy
- Server
- X-Powered-By
- Set-Cookie
Cookie Security
Ensures cookies are set with the `HttpOnly`, `Secure`, and `SameSite` attributes to prevent common web vulnerabilities.
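The following is an added example, not the crawler's own code, showing how the header checks and the cookie checks described in the two sections above can be expressed and then aggregated into the per-header OK/Notice/Warning/Critical counts of the sample table. The severity assigned to each condition and the recommendation wording are assumptions modelled on the sample output, not the tool's actual rules, and the three responses at the bottom are constructed.

```python
"""Classify HTTP security headers and Set-Cookie attributes per response and
aggregate the results into OK/Notice/Warning/Critical counts per header.
Added example (not the crawler's code); severity rules are assumptions."""
from collections import defaultdict
from typing import Dict, List, Tuple

OK, NOTICE, WARNING, CRITICAL = "OK", "Notice", "Warning", "Critical"
Finding = Tuple[str, str, str]  # (header name, severity, recommendation)


def check_cookie(set_cookie: str) -> List[Finding]:
    """Check one Set-Cookie value for the HttpOnly, Secure and SameSite attributes."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:  # attribute names are case-insensitive
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip().lower()
    findings: List[Finding] = []
    if "httponly" not in attrs:
        findings.append(("Set-Cookie", WARNING, f"Cookie '{name}' lacks HttpOnly; scripts can read it."))
    if "secure" not in attrs:
        findings.append(("Set-Cookie", WARNING, f"Cookie '{name}' lacks Secure; it may be sent over plain HTTP."))
    if attrs.get("samesite") not in ("lax", "strict"):
        findings.append(("Set-Cookie", NOTICE, f"Cookie '{name}' has no SameSite=Lax/Strict; it is sent on cross-site requests."))
    if not findings:
        findings.append(("Set-Cookie", OK, ""))
    return findings


def analyze_response(headers: Dict[str, str], set_cookies: List[str] = ()) -> List[Finding]:
    """Evaluate one response's headers; header names are compared case-insensitively."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings: List[Finding] = []

    def report(name: str, condition: bool, severity: str, recommendation: str) -> None:
        findings.append((name, OK, "") if condition else (name, severity, recommendation))

    report("Strict-Transport-Security", "strict-transport-security" in h, CRITICAL,
           "Strict-Transport-Security header is not set. It enforces secure connections and protects against MITM attacks.")
    report("X-Content-Type-Options", h.get("x-content-type-options", "").lower() == "nosniff", WARNING,
           "X-Content-Type-Options header is not set to nosniff. It stops MIME type sniffing.")
    report("Referrer-Policy", "referrer-policy" in h, WARNING,
           "Referrer-Policy header is not set. It controls referrer header sharing.")
    report("Content-Security-Policy", "content-security-policy" in h, NOTICE,
           "Content-Security-Policy header is not set. It restricts the sources a page may load.")
    # X-Frame-Options: DENY is the strict setting; SAMEORIGIN still allows same-origin framing.
    xfo = h.get("x-frame-options", "").upper()
    if xfo == "DENY":
        findings.append(("X-Frame-Options", OK, ""))
    elif xfo == "SAMEORIGIN":
        findings.append(("X-Frame-Options", NOTICE, "X-Frame-Options is SAMEORIGIN, which allows this origin to embed the resource in a frame."))
    else:
        findings.append(("X-Frame-Options", WARNING, "X-Frame-Options header is not set. It mitigates clickjacking."))
    # Software-disclosing headers: absent or empty is the recommended state.
    for name in ("Server", "X-Powered-By"):
        report(name, not h.get(name.lower()), NOTICE, f"{name} header reveals server software; remove or empty it.")
    # A wildcard CORS origin exposes the resource to every site and is worth reviewing.
    report("Access-Control-Allow-Origin", h.get("access-control-allow-origin") != "*", NOTICE,
           "Access-Control-Allow-Origin is '*'; restrict it to the origins that need access.")
    for cookie in set_cookies:
        findings.extend(check_cookie(cookie))
    return findings


def summarize(responses) -> Dict[str, Dict[str, int]]:
    """Aggregate findings over many responses into header -> severity -> count."""
    table = defaultdict(lambda: {OK: 0, NOTICE: 0, WARNING: 0, CRITICAL: 0})
    for headers, cookies in responses:
        for name, severity, _ in analyze_response(headers, cookies):
            table[name][severity] += 1
    return dict(table)


# Constructed sample: three crawled responses as (headers, Set-Cookie values); not real data.
SAMPLE_RESPONSES = [
    ({"Strict-Transport-Security": "max-age=63072000; includeSubDomains",
      "X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff",
      "Referrer-Policy": "strict-origin-when-cross-origin",
      "Content-Security-Policy": "default-src 'self'", "Server": ""},
     ["sid=abc; Path=/; HttpOnly; Secure; SameSite=Lax"]),
    ({"X-Frame-Options": "SAMEORIGIN", "X-Content-Type-Options": "nosniff",
      "Server": "nginx/1.24", "Referrer-Policy": "no-referrer"},
     ["theme=dark; Path=/"]),
    ({"Access-Control-Allow-Origin": "*", "X-Powered-By": "PHP"}, []),
]

if __name__ == "__main__":
    for header, counts in summarize(SAMPLE_RESPONSES).items():
        print(f"{header:28} " + " ".join(f"{sev}={n}" for sev, n in counts.items()))
```

Each response contributes exactly one status per header, so the counts in a row sum to the number of responses crawled, which is how the 45 + 3 = 48 rows in the sample table come about; `Set-Cookie` is the exception, since one response can set several cookies and each cookie is scored on its own.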
HTML content
The HTML verification only checks that no form is submitted over an unsecured `http://` URL and that no `<iframe>` loads content from an unsecured `http://` URL.
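As an added example (not the crawler's own code), the two HTML checks described above can be implemented with the standard-library HTML parser. The checker resolves relative and protocol-relative targets against the page URL, so a form with no `action` or an `<iframe src="//host/...">` on an `https://` page is not reported; the sample HTML and host names are constructed.

```python
"""Flag forms posting to an unsecured http:// action and <iframe> elements
loading http:// content. Added example, not the crawler's code; the page
URL and HTML below are constructed."""
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urljoin, urlsplit


class InsecureHtmlChecker(HTMLParser):
    """Collect (tag, absolute URL) pairs whose effective target uses plain http://."""

    def __init__(self, page_url: str) -> None:
        super().__init__()
        self.page_url = page_url
        self.findings: List[Tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # values may be None for bare attributes
        if tag == "form":
            # A form without an action submits to the page URL itself.
            target = attrs.get("action") or self.page_url
        elif tag == "iframe":
            target = attrs.get("src")
        else:
            return
        if not target:
            return
        # Resolve relative and protocol-relative URLs against the page URL,
        # so "//host/x" on an https page becomes https and is not a finding.
        absolute = urljoin(self.page_url, target.strip())
        if urlsplit(absolute).scheme == "http":
            self.findings.append((tag, absolute))


def find_insecure_targets(html: str, page_url: str) -> List[Tuple[str, str]]:
    """Return every form action and iframe src that would use unsecured http://."""
    parser = InsecureHtmlChecker(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page served from https://www.example.test/account
SAMPLE_HTML = """
<form action="http://legacy.example.test/login" method="post"></form>
<form action="/search"></form>
<form action="//cdn.example.test/submit"></form>
<iframe src="http://ads.example.test/banner"></iframe>
<iframe src="https://video.example.test/embed"></iframe>
<iframe src="about:blank"></iframe>
"""

if __name__ == "__main__":
    for tag, url in find_insecure_targets(SAMPLE_HTML, "https://www.example.test/account"):
        print(f"insecure <{tag}> target: {url}")
```

A page that is itself served over plain `http://` makes every relative form action an `http://` submission, which this resolution step reports; the second test below covers that case.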
TLS/SSL Protocol Support
Reviews SSL/TLS configurations, recommending webserver updates if outdated or insecure protocols are supported.
This analysis helps in securing your website by identifying critical areas where security configurations can be improved.
💡What would you improve?
If you have ideas on how to improve the security analysis based on the data available to the crawler, don't be afraid to send a feature request (to the desktop application, or to the command-line interface) with a suggestion for improvement. We are happy to consider and implement it if it will benefit more users.