Website Security

Jake Rutledge

• January 04, 2021 01:37

I created a new website - one-pager - on the Brizy Cloud. I ran a scan with the Checkbot tool and it shows only a 48% on website security. I'm not a developer but I wanted to know what I could do about these:

Checkbot explains these well but I don’t really know what they mean so I wanted to know if you could fix these?

HSTS

Use HSTS 0%

https://www.checkbot.io/guide/security/?utm_source=checkbot-extension&utm_medium=extension&utm_content=learn-more#rule-enable-hsts

 

Use HSTS preload 0%

https://www.checkbot.io/guide/security/?utm_source=checkbot-extension&utm_medium=extension&utm_content=learn-more#rule-allow-hsts-preload

 

CONTENT SNIFFING

Set MIME types (Good)

Use content sniffing protection 0%

https://www.checkbot.io/guide/security/?utm_source=checkbot-extension&utm_medium=extension&utm_content=learn-more#rule-disable-content-sniffing

 

MISCELLANEOUS

Use clickjack protection 0%

https://www.checkbot.io/guide/security/?utm_source=checkbot-extension&utm_medium=extension&utm_content=learn-more#rule-restrict-iframe-usage

 

Use XSS protection 0%

https://www.checkbot.io/guide/security/?utm_source=checkbot-extension&utm_medium=extension&utm_content=learn-more#rule-enable-xss-protection

 

Thank you for your help!

0

• 

  Sandra Prunici

  • January 05, 2021 10:45

  Hi,

  Could you please send us the URL link of the site? If you don't want to make it public, let us know and we will delete the URL before approving your message. How did you publish it? What method did you use?
  Thanks!

  Best regards,
  Sandra

  0
• 

  Jake Rutledge

  • January 05, 2021 17:14

  Here is my site:

  https://www.marketingautomationstrategist.com/

  I used this to run the scan - https://www.checkbot.io/

  It showed this:

  

  As you can see on the left panel for all the security:

  

  I'm not sure how to do anything on those as it's overly technical to me:

  Checkbot explains these well but I don’t really know what they mean so I wanted to know if you could fix these?

  HSTS

  Use HSTS 0%

  https://www.checkbot.io/guide/security/?utm_source=checkbot-extension&utm_medium=extension&utm_content=learn-more#rule-enable-hsts

   

  Use HSTS preload 0%

  https://www.checkbot.io/guide/security/?utm_source=checkbot-extension&utm_medium=extension&utm_content=learn-more#rule-allow-hsts-preload

   

  CONTENT SNIFFING

  Set MIME types (Good)

  Use content sniffing protection 0%

  https://www.checkbot.io/guide/security/?utm_source=checkbot-extension&utm_medium=extension&utm_content=learn-more#rule-disable-content-sniffing

   

  MISCELLANEOUS

  Use clickjack protection 0%

  https://www.checkbot.io/guide/security/?utm_source=checkbot-extension&utm_medium=extension&utm_content=learn-more#rule-restrict-iframe-usage

   

  Use XSS protection 0%

  https://www.checkbot.io/guide/security/?utm_source=checkbot-extension&utm_medium=extension&utm_content=learn-more#rule-enable-xss-protection

   

  Thank you for your help!

  0
• 

  Sandra Prunici

  • January 06, 2021 15:38

  Hi,

  I'm sorry, I didn't notice that you attache the post in the "Brizy Cloud" topics and therefore, you ask this for a Brizy Cloud site. I also consulted with my colleagues and they said that these details you encounter aren't very important and in the core, they don't affect the site security. If you check the Apple, Wix or Amazon sites, you will notice that they don't have the HSTS and HSTS preload options. See here, here and here. 
  These details mentioned in the tool, aren't a great security problem and will not make your site sensible, as you can check some of the largest sites have a similar configuration. 
  Let us know if we can help you with something else.

  Best regards,
  Sandra

  0

Please sign in to leave a comment.