CARNEGIE CLEAN ENERGY LIMITED
Poor security posture. Critical issues require immediate attention. 1 high-severity issue found.
No Content-Security-Policy header found. CSP helps prevent XSS attacks.
Recommendation: Implement a Content-Security-Policy header.
No SPF record found. SPF helps prevent email spoofing.
Recommendation: Add an SPF TXT record to specify authorized mail servers.
No DMARC record found. DMARC builds on SPF and DKIM to prevent email spoofing.
Recommendation: Add a DMARC record at _dmarc.yourdomain.com
HTTP Strict Transport Security is not enabled.
Recommendation: Add the Strict-Transport-Security header to enforce HTTPS.
No X-Frame-Options header found. This allows the site to be framed.
Recommendation: Add an X-Frame-Options header set to DENY or SAMEORIGIN.
No X-Content-Type-Options header found.
Recommendation: Add an X-Content-Type-Options: nosniff header.
No DKIM records found for common selectors. DKIM provides email authentication.
Recommendation: Configure DKIM signing for your email service.
No CAA records found. CAA records specify which CAs can issue certificates.
Recommendation: Add CAA records to restrict certificate issuance to trusted CAs.
No Referrer-Policy header found.
Recommendation: Add a Referrer-Policy header (e.g., strict-origin-when-cross-origin).
Technology stack disclosed: WP Engine
Recommendation: Remove the X-Powered-By header to avoid disclosing the technology stack.
No security.txt file was found. This file helps security researchers contact you.
Recommendation: Add a security.txt file at /.well-known/security.txt per RFC 9116.
No robots.txt file was found at the root.
Recommendation: Consider adding a robots.txt file to control crawler behavior.