Security
Monitoring Status
Last scan: Mar 07, 2026 at 04:00
95%

Priority Fixes

Insecure action triggers (like onclick) are embedded in your HTML. These bypass standard security policies.

Inline Action Triggers

Fix Required

About: Detects scripts triggered directly by HTML elements (like onclick). These are difficult to secure and should be moved.

"Insecure action triggers (like onclick) are embedded in your HTML. These bypass standard security policies."

Cf Bm

Needs Review

"Secure flag missing; SameSite flag missing or invalid"

Content Guardian (CSP)

Needs Review

About: Controls what scripts and content are allowed to run on your site, preventing malicious code from executing.

"Your guard is active, but it uses "unsafe-inline" or "unsafe-eval". To meet 2026 security standards, consider implementing cryptographic Nonces to lock down your scripts further."

Enforced Encryption (HSTS)

Needs Review

About: Ensures browsers only communicate with your site over a secure connection, preventing hackers from intercepting data.

"Encryption is enforced, but not for your subdomains. This creates a security gap that could be exploited."

Old-School Script Filter (XSS)

Needs Review

About: An older security layer. In 2026, this is considered secondary to a strong Content Guardian (CSP).

"This older safety check is missing. This is not critical as long as your "Content Guardian (CSP)" is robust."

Device & Feature Privacy

Needs Review

About: Restricts access to browser features and hardware like the camera, microphone, or GPS location data.

"No policy detected; by default, the site could request access to a user's camera, location, or biometric sensors."

HTTP to HTTPS Redirect

Secure

"Site automatically redirects insecure traffic to HTTPS."

Legacy URL Scripts

Secure

About: Detects scripts hidden inside link URLs, a common trick for cross-site scripting (XSS) attacks.

"No "javascript:" URLs were found in your links."

Encoded Script Detection

Secure

About: Checks for scripts disguised with URL encoding to bypass basic security filters and scanners.

"No encoded script bypasses detected."

Hexadecimal Masking

Secure

About: Checks if code is being hidden using Hex values to prevent security software from reading the intent.

"No hex-obfuscated code was found."

Base64 Masking

Secure

About: Detects code packed into Base64 strings, a high-risk method used to smuggle scripts past traditional firewalls.

"No Base64-encoded scripts were detected."

Execution Safety (eval)

Secure

About: Checks for the "eval()" function, which can turn any incoming text into live, dangerous code on your server.

"The dangerous "eval()" function is not being used."

Suspicious Inline Code

Secure

About: Scans the code on your page for complex patterns typically used in hacking attempts or unauthorized tracking.

"No suspicious inline code patterns were found."

Safe Timers (setTimeout)

Secure

About: Ensures your timers aren’t running text as code, which is a major security loophole that can be hijacked.

"Timers are being used safely with function references."

Safe Loops (setInterval)

Secure

About: Checks if repeating timers are being used to run potentially dangerous strings as code loops.

"Repeating timers are configured securely."

Dynamic Function Safety

Secure

About: Checks for the "new Function" constructor, which allows strings to be compiled into live code on the fly.

"No dynamic function constructors are in use."

Page Writing Safety

Secure

About: Checks for "document.write", an insecure and outdated method that can be exploited to inject external content.

"Modern, safe page update methods are being used."

Cloudflare

Secure

"Up to date"

Data Leakage Protection

Secure

About: Controls how much information about your users is shared with other sites when they click an external link.

"Your visitors’ data stays private when they leave your site."

Clickjack Protection

Secure

About: Prevents other websites from "framing" your site to trick users into clicking hidden buttons or stealing credentials.

"Your site cannot be invisible-framed by others. Your interface belongs to you."

File Type Sniffing

Secure

About: Stops browsers from "guessing" a file’s type, which prevents hackers from disguising a virus as a simple image.

"Browsers are forced to respect the actual file type, preventing "mime-sniffing" attacks."

Invisible Window Detection

Secure

About: Checks for hidden windows that could be used to perform actions (like ad clicks) without the user knowing.

"No hidden windows detected."

Automatic Redirects

Secure

About: Checks for "meta-refresh" tags that can force a user to a different, potentially malicious site without interaction.

"No forced auto-redirects found."

Zero-Pixel Windows

Secure

About: Detects "invisible" frames that hackers use to hide malicious content or execute scripts on an otherwise clean page.

"No invisible frames detected."

Mixed Content Check

Secure

About: Ensures every single image, script, and style is loaded securely over HTTPS. One insecure file breaks the whole page.

"All resources are loaded securely over HTTPS."