Security
HTTPS, security headers, mixed content, and access controls.
35 issuesbelow — sorted by severity, with the critical and high-severity ones first because they're what you should fix this week. Each entry links to a single page with the symptom, the root cause, the actual code or config change to ship, and a free scan that checks if the issue applies to your site right now.
Access-Control-Allow-Origin: * with Credentials: true is a critical CORS misconfiguration exposing sensitive data.
Pages delivered over plain HTTP expose user data, reduce trust, and receive a Google ranking penalty.
Some cookies lack Secure or HttpOnly flags, exposing them to interception or JavaScript access.
HTTPS pages that load resources (like images, scripts, or stylesheets) over HTTP create mixed content. This undermines security, can break page functionality, a
Missing recommended HTTP security headers leaves your site vulnerable to a range of attacks, including clickjacking, MIME-sniffing, and cross-site scripting (XS
Sensitive URLs such as admin panels, configuration files, or backup directories are accessible to the public and return HTTP 200, indicating they are not proper
Session cookies lack Secure or HttpOnly flags, exposing them to interception or theft via XSS.
Your Content Security Policy allows unsafe-inline or unsafe-eval, exposing your site to XSS attacks and negating CSP protection.
Cross-origin iframes without a sandbox attribute can expose your site to security risks and supply-chain attacks.
Pages with CSP but missing base-uri are vulnerable to base tag injection attacks.
Most CSP-protected pages lack the frame-ancestors directive, leaving them vulnerable to clickjacking attacks.
External links with target="_blank" must include rel="noopener noreferrer" to prevent security risks like tabnapping.
Strict-Transport-Security max-age is set below 1 year, reducing HTTPS security and HSTS preload eligibility.
Server response headers reveal software version, increasing security risk through information disclosure.
Your SSL certificate will expire in 33 days. Renew it promptly to prevent security warnings, loss of user trust, and potential SEO penalties.
Your website's SSL certificate is set to expire in 34 days. Take action now to renew it and maintain secure, uninterrupted access for users.
Your website's SSL certificate is set to expire in 36 days. Renew it promptly to maintain secure HTTPS connections and avoid browser security warnings or SEO pe
Your website's SSL certificate is set to expire in 37 days. Take action now to renew it and maintain secure HTTPS connections for your users.
Your SSL certificate will expire in 40 days. Take action now to renew it and prevent security warnings, loss of user trust, and potential SEO penalties.
Your website's SSL certificate is set to expire in 45 days. Timely renewal is crucial to maintain secure HTTPS connections, prevent browser warnings, and avoid
Your website's SSL certificate will expire in 46 days. Take prompt action to renew it and ensure continuous secure access for users and search engines.
Your website's SSL certificate will expire in 48 days. You must renew it to maintain secure HTTPS connections and avoid browser warnings or site inaccessibility
Your website's SSL certificate is set to expire in 49 days. Timely renewal is essential to prevent browsers from displaying security warnings, which can deter u
Your website's SSL certificate will expire in 51 days. You must renew it soon to maintain secure HTTPS connections and avoid browser warnings that can deter use
Your SSL/TLS certificate is set to expire in 52 days. Timely renewal is necessary to maintain secure HTTPS connections and avoid browser security warnings or si
Your website's SSL certificate will expire in 53 days. You must renew it to maintain secure HTTPS connections and avoid browser security warnings.
Your website's SSL certificate will expire in 54 days. Renew it promptly to maintain secure HTTPS connections and avoid browser warnings or SEO issues.
Your SSL certificate is set to expire in 55 days. Renew it promptly to maintain secure HTTPS connections and avoid browser security warnings or service interrup
Your SSL certificate is set to expire in 57 days. Renew it promptly to maintain secure HTTPS connections and avoid browser security warnings, which can harm use
Your website's SSL certificate is set to expire in 58 days. This warning gives you time to renew the certificate and prevent security warnings or service interr
Your website's SSL certificate will expire in 59 days. Take action now to renew it and avoid security warnings, loss of user trust, and SEO penalties.
One or more external scripts are loaded without a Subresource Integrity (SRI) hash, exposing users to supply-chain attacks.
HTTPS cross-origin scripts are loaded without Subresource Integrity (SRI), exposing users to supply-chain attacks.
The Permissions-Policy HTTP header is missing, allowing unrestricted access to sensitive browser APIs.
The X-Powered-By HTTP header reveals backend technology, increasing risk of targeted attacks.
See which security issues affect your site
Free scan · No credit card required.