Security Issues

Security checks evaluate how well your website protects users and their data. HTTPS is a confirmed ranking factor.

13 checks | Focus: HTTPS, security headers, data protection

High HTTPS Encryption

What it checks: Whether the page is served over the HTTPS protocol.

Why it matters: HTTPS is a ranking factor and essential for user trust. Browsers mark HTTP sites as "Not Secure".

How to fix:

  • Install an SSL certificate
  • Redirect all HTTP URLs to HTTPS
  • Update internal links to HTTPS

High SSL Certificate Expiry

What it checks: Whether the SSL certificate expires within 30 days.

Why it matters: Expired certificates cause browser warnings and block access.

How to fix: Renew your SSL certificate before expiry. Set up auto-renewal.

Medium Importance

Medium HTTP/2

What it checks: Whether the server uses the HTTP/2 protocol.

Why it matters: HTTP/2 is faster with multiplexing and header compression.

How to fix: Enable HTTP/2 on your server or use a CDN that supports it.

Medium Mixed Content

What it checks: Whether HTTPS pages load HTTP resources.

Why it matters: Mixed content triggers security warnings and may be blocked.

How to fix: Update all resource URLs to use HTTPS or protocol-relative URLs.

Medium Server Signature

What it checks: Whether the server version is exposed in headers.

Why it matters: Exposing server info helps attackers target known vulnerabilities.

How to fix: Disable the Server header or set it to a generic value.

Medium Content Security Policy

What it checks: Presence of the Content-Security-Policy header.

Why it matters: CSP helps prevent XSS and other injection attacks.

How to fix: Configure a Content-Security-Policy header on your server.

Medium X-Frame-Options

What it checks: Presence of the X-Frame-Options header.

Why it matters: Prevents your site from being embedded in iframes on other sites, the mechanism behind clickjacking.

How to fix: Add header: X-Frame-Options: SAMEORIGIN

Low Importance

Low HSTS Header

What it checks: Presence of the Strict-Transport-Security header.

Why it matters: HSTS forces browsers to always use HTTPS.

How to fix: Add header: Strict-Transport-Security: max-age=31536000

Low Plaintext Email

What it checks: Whether email addresses appear as plaintext in HTML.

Why it matters: Plaintext emails can be harvested by spam bots.

How to fix: Use contact forms or obfuscate email addresses.

Low X-Content-Type-Options

What it checks: Presence of the X-Content-Type-Options: nosniff header.

Why it matters: Prevents MIME type sniffing attacks.

How to fix: Add header: X-Content-Type-Options: nosniff

Low Referrer Policy

What it checks: Presence of the Referrer-Policy header.

Why it matters: Controls what referrer information is sent with requests.

How to fix: Add header: Referrer-Policy: strict-origin-when-cross-origin

Low Permissions Policy

What it checks: Presence of the Permissions-Policy header.

Why it matters: Controls which browser features can be used.

How to fix: Add Permissions-Policy header with appropriate directives.
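
The header checks listed above, combined into one audit function and run over constructed response headers. This is an added example, not the tool's own code; the names `audit_headers`, `WEAK` and `HARDENED` are hypothetical, and the value tests (valid X-Frame-Options values, a non-zero HSTS max-age, a digit after `/` in Server) are assumptions that go beyond the presence checks the page describes.

```python
import re

def _hsts_ok(value):
    # Assumption: max-age=0 switches HSTS off, so it is treated as a failure.
    m = re.search(r'max-age="?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) > 0

# (header, severity as given on this page, validator for the header value)
CHECKS = [
    ("Content-Security-Policy", "Medium", lambda v: bool(v.strip())),
    ("X-Frame-Options", "Medium", lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN")),
    ("Strict-Transport-Security", "Low", _hsts_ok),
    ("X-Content-Type-Options", "Low", lambda v: v.strip().lower() == "nosniff"),
    ("Referrer-Policy", "Low", lambda v: bool(v.strip())),
    ("Permissions-Policy", "Low", lambda v: bool(v.strip())),
]

# Assumption: a digit after a product token ("nginx/1.18.0") is a version leak.
VERSION_RE = re.compile(r"/\s*\d")

def audit_headers(headers):
    """Return (severity, check, detail) findings for one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    server = h.get("server", "")
    if VERSION_RE.search(server):
        findings.append(("Medium", "Server Signature", f"version exposed: {server}"))
    for name, severity, valid in CHECKS:
        value = h.get(name.lower())
        if value is None:
            findings.append((severity, name, "header missing"))
        elif not valid(value):
            findings.append((severity, name, f"unexpected value: {value}"))
    return findings

# Constructed sample responses (not captured from a real site).
WEAK = {"Server": "nginx/1.18.0", "X-Frame-Options": "ALLOWALL",
        "strict-transport-security": "max-age=0"}
HARDENED = {
    "Server": "webserver",
    "Content-Security-Policy": "default-src 'self'",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "geolocation=()",
}

if __name__ == "__main__":
    for sev, check, detail in audit_headers(WEAK):
        print(f"[{sev}] {check}: {detail}")
```

A header that is present but carries an invalid or disabling value is reported separately from a missing one, which a pure presence check would not catch.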