What it's for
- Avoid losing rankings by finding security issues commonly penalized by search engines
- Minimize the risk of fraud through attacks using leaked user data and stolen login credentials
- Check pages for insecure elements and prevent security warnings from being shown and impacting revenue
- Identify pages where security measures could be improved by implementing browser security policies
Modern browsers now enforce website security standards
If your siteops department is slacking on these topics, the intensified browser enforcement could seriously harm your business – e.g. if the browser omnibox shows your ecommerce shop as insecure.
Website security analysis
Unsafe resources & mixed content
HTTP to HTTPS migration
Identify URLs that have not been properly switched from HTTP to HTTPS and therefore still pose a security risk.
Discover all URLs that send cookies over an insecure connection or lack the Secure flag, so that the cookies could be stolen by an attacker.
Discover all pages that contain forms that could leak data through an unsafe HTTP connection or expose data through GET parameters.
Strict transport security
Identify all URLs that lack a Strict-Transport-Security HTTP header, which enforces HTTPS for subsequent requests, or that specify a duration too short for HSTS preload.
Content security policy
Discover all pages that do not specify a Content-Security-Policy HTTP header and therefore fall back to the browser's default policy, which is less strict.
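The cookie, strict transport security and content security policy checks described above can be expressed as a small response-header audit. This is an added example, not the product's own code; the `audit` function, its finding codes and the sample response are assumptions made for illustration.

```python
from urllib.parse import urlsplit

PRELOAD_MIN_AGE = 31536000  # one year: minimum max-age accepted for HSTS preload

def parse_hsts(value):
    """Return (max_age or None, set of lowercase valueless directives)."""
    max_age, flags = None, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            max_age = int(arg) if arg.isdigit() else None
        elif name:
            flags.add(name)
    return max_age, flags

def audit(url, headers):
    """headers: list of (name, value) pairs as received; returns finding codes."""
    findings = []
    https = urlsplit(url).scheme == "https"
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    hsts = by_name.get("strict-transport-security")
    if not hsts:
        findings.append("hsts-missing")
    else:
        max_age, flags = parse_hsts(hsts[0])  # only the first header is processed
        if max_age is None or max_age < PRELOAD_MIN_AGE:
            findings.append("hsts-max-age-too-short-for-preload")
        # Preload also requires these two directives (assumed extra check).
        if not {"includesubdomains", "preload"} <= flags:
            findings.append("hsts-not-preload-eligible")
    for cookie in by_name.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        # A cookie is exposed if sent over HTTP or if it lacks the Secure flag.
        if not https or "secure" not in attrs:
            findings.append(f"cookie-insecure:{name}")
    if "content-security-policy" not in by_name:
        findings.append("csp-missing")
    return findings

# Constructed sample response headers, not captured from a real site.
SAMPLE = [
    ("Strict-Transport-Security", "max-age=86400; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure"),
]
```

Calling `audit("https://shop.example/", SAMPLE)` reports the short HSTS duration, the missing preload directive, the `session` cookie without the Secure flag and the absent content security policy.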