Website Security
Comprehensive analysis of website security and compliance vulnerabilities
Weekly analysis catches the tracking pixels, SSL misconfigurations, and CMS vulnerabilities that plaintiff firms and cyber insurance underwriters are already looking for.
- Detect Meta Pixel, GA4, TikTok, session replay, and every third-party script added since the last analysis.
- Weekly SSL/TLS, security headers, exposed admin paths, and CMS vulnerability checks.
- Remediation guidance your webmaster can act on without translation.
Signals analyzed: 318
Score: 742
Findings: 7
Active findings
- critical · DEFINITIVE
Meta Pixel transmitting visitor data
fbq('track', 'PageView') fires on every page including /appointments. Meta does not sign BAAs.
Fix · Remove the Meta Pixel script from <head> or gate it behind an explicit patient consent prompt. · 45 CFR §164.502(a)
- high · HIGH
Google Analytics 4 without BAA configuration
GA4 tag transmits client IDs and page paths. Configuration does not use Google Cloud Healthcare API.
Fix · Migrate tracking to a BAA-covered Google Cloud configuration or remove GA4. · 45 CFR §164.314(a)(1)
Technical checks
- HTTPS enforced: Yes · strict HSTS
- TLS 1.3: Supported
- CSP policy: Missing
- X-Frame-Options: SAMEORIGIN
- CMS version: WordPress 6.2 (3 updates behind)
- Exposed /wp-admin: Password-protected
Other surfaces we watch
The other surfaces in your monthly evidence report.
Pro tier covers all surfaces. Core covers Website + Email and upgrades anytime.
Protection starts at sign-up. Zero input from IT.
About sixty seconds to onboard. Continuous monitoring begins the moment you activate a plan.