Security Scanner
Posture findings, recommendations, and risk score across your fleet.
Risk score
86/100
+4 since last scan
critical
1
critical
high
2
high
medium
1
medium
low
1
low
All findings
6 TOTALSSL mode set to Flexiblestatic.northwind.io
Switch to Full (strict) to prevent man-in-the-middle on origin traffic.
Origin IP exposed via DNSlegacy.northwind.io
Enable Cloudflare proxy (orange-cloud) on all A and AAAA records.
WAF not enabledstatic.northwind.io
Enable managed rulesets to block common OWASP threats.
Missing HSTS headerapi.observer.dev
Add Strict-Transport-Security with min-age=31536000.
Bot protection disabledapi.observer.dev
Enable Bot Fight Mode to throttle automated abuse.
DNSSEC inactiveobserver.dev
Enable DNSSEC for cryptographic integrity on resolution.