|Scan ID #:|
Your site is configured with extremely broad resource sharing permissions.
This can be dangerous, and is possibly not what was intended.
Wondering where to start?
Adding HTTPS protects your site's visitors from tracking, malware, and injected advertising.
We noticed that your site is accessible over HTTPS, but still defaults to HTTP.
What’s a good next step?
The X-Frame-Options header and Content Security Policy’s frame-ancestors directive are a simple and easy way to protect your site against clickjacking attacks.
You’re halfway finished! Nice job!
You’re doing a wonderful job so far!
You’re on the home stretch!
'unsafe-inline' inside of
style attributes into external stylesheets not only makes you safer, but also makes your code easier to maintain.
🎉🎉🎉 We don't have any! 🎉🎉🎉
Once you've successfully completed your change, click Initiate Rescan for the next piece of advice.
|Blocks execution of plug-ins, using
|Blocks inline styles by not allowing
|Blocks loading of active content over HTTP or FTP|
|Blocks loading of passive content over HTTP or FTP|
|Clickjacking protection, using
|Deny by default, using
|Restricts use of the
|First Observed:||(certificate #)|
|Cipher Suite||Code||Key size||AEAD||PFS||Protocols|
|Cipher Preference:||selects preferred cipher|
Looking for improved security and have a user base of only modern clients?
Still want a secure website, but need compatibility with those older clients?
|Duplicate Host Keys:|
|Operating System Identifier:|
|SSH Library Identifier:|