
Guide

Reading security findings

What the security checks look for, why each one matters, and how to resolve common findings.


1. HTTPS and mixed content

Every page should load over HTTPS. Mixed content occurs when an HTTPS page loads resources (images, scripts, stylesheets) over HTTP. Browsers block or warn on mixed content, which breaks pages and erodes trust. Fix it by updating asset URLs to HTTPS or using protocol-relative URLs.

2. Security headers

Missing HTTP security headers leave browsers without instructions on how to protect users. Key ones: Content-Security-Policy limits which sources can load resources; X-Frame-Options prevents clickjacking; Strict-Transport-Security enforces HTTPS; X-Content-Type-Options prevents MIME sniffing. Add them in your server config, CDN edge rules, or a middleware layer.

3. Exposed software versions

Headers and meta tags that expose exact CMS, server, or plugin versions help attackers target known CVEs. Remove or generic-ise the Server, X-Powered-By, and X-Generator headers, and suppress the WordPress generator meta tag.
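The checks from the security headers and exposed software versions sections, as an added Python example (not Destiny QA's own code): it audits one response for the four key headers and for version strings in Server, X-Powered-By, X-Generator and the generator meta tag. The function and class names, the dotted-version pattern and the sample response are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Headers the guide lists as key protections, and what each one does.
REQUIRED = {
    "content-security-policy": "limits which sources can load resources",
    "x-frame-options": "prevents clickjacking",
    "strict-transport-security": "enforces HTTPS",
    "x-content-type-options": "prevents MIME sniffing",
}
DISCLOSING = ("server", "x-powered-by", "x-generator")  # named in the guide
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # assumed pattern: dotted version, e.g. 1.18.0

class GeneratorMeta(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.values.append(attrs.get("content") or "")

def audit(headers, html=""):
    """Return sorted (finding, where, detail) tuples for one response."""
    # Header names are case-insensitive, so normalise before lookup.
    seen = {k.strip().lower(): v.strip() for k, v in headers}
    findings = [("missing", h, why) for h, why in REQUIRED.items() if not seen.get(h)]
    for h in DISCLOSING:
        if VERSION_RE.search(seen.get(h, "")):
            findings.append(("version-exposed", h, seen[h]))
    parser = GeneratorMeta()
    parser.feed(html)
    for value in parser.values:
        if VERSION_RE.search(value):
            findings.append(("version-exposed", "meta generator", value))
    return sorted(findings)

# Constructed sample response, not captured from a real site.
SAMPLE_HEADERS = [("Server", "nginx/1.18.0"), ("X-Powered-By", "PHP/8.1.2"),
                  ("X-Content-Type-Options", "nosniff"),
                  ("Strict-Transport-Security", "max-age=31536000")]
SAMPLE_HTML = '<head><meta name="generator" content="WordPress 6.4.2"></head>'

if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS, SAMPLE_HTML):
        print(*finding, sep=" | ")
```

A header that names the product without a version (for example `Server: nginx`) passes the version check, which matches the guide's "generic-ise" option.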

4. Console errors

JavaScript errors in the browser console can indicate broken integrations, failing API calls, or content security policy violations. Destiny QA captures console errors during the browser render, so check this finding even if the page looks fine visually.
