# BeaverCheck Audit Report — https://voidlogue.com **Date:** April 8, 2026 **URL:** https://voidlogue.com **Overall Grade:** C (72/100) **Report:** https://beavercheck.com/results/4aee44ed-ffea-4819-835f-36d614b80121 ## Top Findings 1. **[CRITICAL]** 'unsafe-inline' found in script source — Security > Content Security Policy 2. **[WARNING]** Cross-Origin-Embedder-Policy header is missing — Security > Security Headers 3. **[WARNING]** No DMARC record found — Security > Email Security 4. **[CRITICAL]** HTTP version does not redirect to HTTPS — Infrastructure > URL Variants 5. **[WARNING]** Bare server default 404 page — Accessibility > 404 Error Page --- ## Security ### Security Headers (A+ — 95/100) *9 of 10 headers properly configured* - **[PASS]** Strict-Transport-Security is properly configured - **[PASS]** X-Content-Type-Options is properly configured - **[PASS]** X-Frame-Options is properly configured - **[PASS]** Referrer-Policy is properly configured - **[PASS]** Permissions-Policy is set - **[PASS]** Content-Security-Policy is present - **[PASS]** Cross-Origin-Opener-Policy is properly configured - **[WARNING]** Cross-Origin-Embedder-Policy header is missing — COEP prevents loading cross-origin resources without explicit permission. Required for SharedArrayBuffer and high-resolution timers. - **[PASS]** X-Powered-By header is not present - **[PASS]** Server header is not present ### Content Security Policy (B — 80/100) *8 of 10 CSP checks passed* - **[INFO]** Raw CSP policy - **[PASS]** default-src directive is set - **[CRITICAL]** 'unsafe-inline' found in script source — 'unsafe-inline' allows inline