
Static demo guidance

AI-Style Security Fix Suggestions

Go beyond detection. Understand what went wrong, why it matters, and how to fix common website security issues.

Fix suggestions are educational guidance and should be reviewed before applying in production.

Suggested Fix

Missing Content-Security-Policy

High

Why it matters

Restricts the sources from which the browser may load scripts and other content, which limits the impact of XSS.

Suggested fix

Add a Content-Security-Policy header and start with a restrictive default-src policy.

Example snippet

Content-Security-Policy: default-src 'self'; object-src 'none'; frame-ancestors 'none';

Suggested Fix

Missing HSTS Header

Medium

Why it matters

Users may be exposed to downgrade attacks.

Suggested fix

Add Strict-Transport-Security with max-age and includeSubDomains after confirming HTTPS is stable.

Example snippet

Strict-Transport-Security: max-age=31536000; includeSubDomains

Suggested Fix

Insecure Cookie Flags

Medium

Why it matters

Cookies may be exposed through scripts or insecure transport.

Suggested fix

Add Secure, HttpOnly, and SameSite flags where appropriate.

Example snippet

Set-Cookie: session=...; Secure; HttpOnly; SameSite=Lax

Suggested Fix

Missing DMARC Record

Medium

Why it matters

Increases the risk of domain spoofing and phishing.

Suggested fix

Add a DMARC TXT record starting with p=none, then move toward stricter enforcement.

Example snippet

v=DMARC1; p=none; rua=mailto:dmarc@example.com

Suggested Fix

Exposed Server Header

Low

Why it matters

Reveals technology stack details.

Suggested fix

Remove or minimize server fingerprinting headers where possible.

Example snippet

server_tokens off;
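As an added example (not part of this demo or its scanner), the following Python checks one response's header list and a domain's DMARC TXT record against the five findings above, using the same finding titles. The header list layout, the cookie values and the returned strings are constructed here for illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# One response is a list of (name, value) pairs so repeated Set-Cookie headers survive.
Header = Tuple[str, str]


def check_response_headers(headers: List[Header]) -> List[str]:
    """Return the demo's finding titles that apply to one HTTP response."""
    findings: List[str] = []
    single: Dict[str, str] = {n.lower(): v for n, v in headers if n.lower() != "set-cookie"}

    # CSP: the advice above is to start from a restrictive default-src, so a policy
    # without default-src is reported the same way as a missing header.
    csp = single.get("content-security-policy", "")
    if "default-src" not in csp:
        findings.append("Missing Content-Security-Policy")

    # HSTS: absent, or max-age=0 (which tells browsers to forget the policy).
    age = re.search(r"max-age=(\d+)", single.get("strict-transport-security", ""), re.I)
    if age is None or int(age.group(1)) == 0:
        findings.append("Missing HSTS Header")

    # Cookies: every Set-Cookie needs Secure, HttpOnly and an explicit SameSite.
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie = value.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in value.split(";")[1:]}
        if not ({"secure", "httponly"} <= attrs and any(a.startswith("samesite=") for a in attrs)):
            findings.append(f"Insecure Cookie Flags ({cookie})")

    # Server: a version string fingerprints the stack; the bare product name that
    # nginx still sends after `server_tokens off;` is accepted.
    if re.search(r"\d", single.get("server", "")):
        findings.append("Exposed Server Header")
    return findings


def check_dmarc(txt_record: Optional[str]) -> List[str]:
    """Return findings for a _dmarc TXT record (None means nothing is published)."""
    if not txt_record:
        return ["Missing DMARC Record"]
    tags = dict(p.strip().split("=", 1) for p in txt_record.split(";") if "=" in p)
    # Receivers ignore records that are not v=DMARC1 or that lack a policy tag,
    # so a malformed record gives the same exposure as no record at all.
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return ["Missing DMARC Record"]
    return []
```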

How static fix guidance helps

Translate security findings into developer-friendly next steps

Prioritize common website configuration risks

Review fixes before applying them in production