Origin Energy

Energy
Security Score
D
69/100

Below average security posture. Significant improvements needed. 1 high severity issue found. Strong in: dns, tls, files, general.

Scanned 4 days ago

Missing Content-Security-Policy
HIGH
HEADERS

No Content-Security-Policy header found. CSP helps prevent XSS attacks.

Recommendation: Implement a Content-Security-Policy header.

Missing HSTS header
MEDIUM
TLS

HTTP Strict Transport Security is not enabled.

Recommendation: Add the Strict-Transport-Security header to enforce HTTPS.

Missing X-Frame-Options
MEDIUM
HEADERS

No X-Frame-Options header found. This allows the site to be framed.

Recommendation: Add X-Frame-Options: DENY or SAMEORIGIN header.

Missing X-Content-Type-Options
MEDIUM
HEADERS

No X-Content-Type-Options header found.

Recommendation: Add X-Content-Type-Options: nosniff header.

Missing Referrer-Policy
LOW
HEADERS

No Referrer-Policy header found.

Recommendation: Add a Referrer-Policy header (e.g., strict-origin-when-cross-origin).

Missing Permissions-Policy
LOW
HEADERS

No Permissions-Policy header found.

Recommendation: Add a Permissions-Policy header to control browser features.

No security.txt found
LOW
FILES

No security.txt file was found. This file helps security researchers contact you.

Recommendation: Add a security.txt file at /.well-known/security.txt per RFC 9116.

Email authentication configured
INFO
DNS

SPF, DMARC, and DKIM are all configured for this domain.

No robots.txt found
INFO
FILES

No robots.txt file was found at the root.

Recommendation: Consider adding a robots.txt file to control crawler behavior.