# BeaverCheck Audit Report — https://www.classicivivi.it **Date:** April 12, 2026 **URL:** https://www.classicivivi.it **Overall Grade:** D (64/100) **Report:** https://beavercheck.com/results/b626ec58-7f48-47c6-a4a9-7b2b2f5d0d1c ## Top Findings 1. **[CRITICAL]** 'unsafe-eval' found in script source — Security > Content Security Policy 2. **[CRITICAL]** 'unsafe-inline' found in script source — Security > Content Security Policy 3. **[WARNING]** No DMARC record found — Security > Email Security 4. **[WARNING]** base-uri directive is missing — Security > Content Security Policy 5. **[WARNING]** form-action directive is missing — Security > Content Security Policy --- ## Security ### Security Headers (A+ — 100/100) *10 of 10 headers properly configured* - **[PASS]** Strict-Transport-Security is properly configured (consider adding preload) - **[PASS]** X-Content-Type-Options is properly configured - **[PASS]** X-Frame-Options is properly configured - **[PASS]** Referrer-Policy is properly configured - **[PASS]** Permissions-Policy is set - **[PASS]** Content-Security-Policy is present - **[PASS]** Cross-Origin-Opener-Policy is properly configured - **[PASS]** Cross-Origin-Embedder-Policy is set - **[PASS]** X-Powered-By header is not present - **[PASS]** Server header is present without version info ### Content Security Policy (F — 35/100) *3 of 10 CSP checks passed* - **[INFO]** Raw CSP policy - **[PASS]** default-src directive is set - **[CRITICAL]** 'unsafe-inline' found in script source — 'unsafe-inline' allows inline