Fixing the most common findings
The findings we see most on AI-built sites and the quickest fix for each.
# Fixing the most common findings
The findings we see most on fast-built sites, and the quickest fix for each.
## Missing security headers
HSTS, CSP, `X-Content-Type-Options`, `Referrer-Policy`. Add them at your
host/CDN edge or in your framework config. The finding's AI fix prompt lists the
exact set to add.
## Mixed content
An HTTPS page loading an HTTP asset (image, script, font). Switch the asset URL
to `https://`, or a protocol-relative `//`.
## Cookies without Secure / HttpOnly / SameSite
Set those flags on your session cookie. The AI fix prompt shows the exact
attributes for your framework.
## Form over HTTP / auth token in URL
Move the form to HTTPS, and put secrets in the request body or headers — never in
the query string, where they end up in logs and history.
## Weak SEO basics
A missing ``, no meta description, or zero / multiple `<h1>` tags. Quick
to fix and high-leverage for discoverability.
## Using the fix prompts
Every finding's prompt is written so you can paste it straight back into the tool
that built the site (Lovable, v0, Bolt, Cursor, Replit) and have it make the
change for you.
</div>
<div style="margin-top: 32px; padding-top: 16px; border-top: 1px solid var(--color-border);">
<span style="color: var(--color-text-muted); font-size: 0.85rem;">Tags: fix, common findings, security headers, HTTPS, mixed content, cookies, CSRF, remediation, how do I fix</span>
</div>
</article>
</div>
</main>
</div>
<!-- Site Footer -->
<footer class="site-footer">
<div class="container">
<div class="footer-content">
<div class="footer-links">
<span>2026 Contexta Services Ltd</span>
<a href="/help/privacy">Privacy</a>
<a href="/help/terms">Terms</a>
<a href="/help/">Help</a>
</div>
<div class="footer-meta">
<span title="Build: 20260607.1 | Image: contexta-vm-20260607-1441 | c677b14">v1.7.1026</span>
<span>Powered by Azure OpenAI</span>
</div>
</div>
</div>
</footer>
<!-- Screenshot Capture Overlay (hidden by default) -->
<div id="screenshot-overlay" style="display:none; position:fixed; top:0; left:0; right:0; bottom:0; background:rgba(0,0,0,0.5); z-index:99999; align-items:center; justify-content:center;">
<div style="background:white; padding:24px 32px; border-radius:8px; text-align:center;">
<div style="font-size:18px; font-weight:600; margin-bottom:8px;">Capturing Screenshot...</div>
<div style="color:var(--color-text-muted);">Please wait</div>
</div>
</div>
<!-- Core JavaScript -->
<script src="/static/js/dashboard.js"></script>
<!-- html2canvas for screenshot capture -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js"></script>
<!-- User Menu Toggle -->
<script>
(function() {
var btn = document.getElementById('userMenuBtn');
var dropdown = document.getElementById('userMenuDropdown');
if (btn && dropdown) {
btn.addEventListener('click', function(e) {
e.stopPropagation();
dropdown.classList.toggle('show');
});
document.addEventListener('click', function(e) {
if (!dropdown.contains(e.target) && !btn.contains(e.target)) {
dropdown.classList.remove('show');
}
});
}
})();
</script>
<!-- Mobile Navigation Toggle -->
<script>
function toggleMobileNav() {
var menu = document.getElementById('navMenu');
menu.classList.toggle('open');
}
document.addEventListener('click', function(e) {
var menu = document.getElementById('navMenu');
var toggle = document.querySelector('.nav-toggle');
if (menu && menu.classList.contains('open') && !menu.contains(e.target) && !toggle.contains(e.target)) {
menu.classList.remove('open');
}
/* Close open dropdowns when tapping outside on touch devices */
if (!e.target.closest('.nav-dropdown')) {
document.querySelectorAll('.nav-dropdown.open').forEach(function(d) { d.classList.remove('open'); });
}
});
/* Touch devices: tap dropdown buttons to expand/collapse menus (any screen width) */
var _isHoverDevice = window.matchMedia('(hover: hover) and (pointer: fine)').matches;
document.addEventListener('DOMContentLoaded', function() {
document.querySelectorAll('.nav-dropdown > button').forEach(function(btn) {
btn.addEventListener('click', function(e) {
if (_isHoverDevice) return;
e.preventDefault();
e.stopPropagation();
var dd = btn.parentElement;
var wasOpen = dd.classList.contains('open');
document.querySelectorAll('.nav-dropdown.open').forEach(function(d) { d.classList.remove('open'); });
if (!wasOpen) dd.classList.add('open');
});
});
document.querySelectorAll('.nav-submenu > a').forEach(function(link) {
link.addEventListener('click', function(e) {
if (_isHoverDevice) return;
e.preventDefault();
e.stopPropagation();
var sub = link.parentElement;
var wasOpen = sub.classList.contains('open');
sub.parentElement.querySelectorAll('.nav-submenu.open').forEach(function(s) { s.classList.remove('open'); });
if (!wasOpen) sub.classList.add('open');
});
});
});
</script>
<!-- Bug Report Hotkey: Ctrl+Alt+B - Auto captures screenshot -->
<!-- Feature Request Hotkey: Ctrl+Alt+F - Auto captures screenshot -->
<script>
document.addEventListener('keydown', function(e) {
// Ctrl+Alt+B = Bug Report
if (e.ctrlKey && e.altKey && e.key.toLowerCase() === 'b') {
e.preventDefault();
if (window.location.pathname.includes('/bug-report')) return;
captureAndNavigate('bug_report', '/feedback/bug-report');
}
// Ctrl+Alt+F = Feature Request
if (e.ctrlKey && e.altKey && e.key.toLowerCase() === 'f') {
e.preventDefault();
if (window.location.pathname.includes('/feature-request')) return;
captureAndNavigate('feature_request', '/feedback/feature-request');
}
});
function captureAndNavigate(prefix, targetUrl) {
sessionStorage.setItem(prefix + '_url', window.location.href);
var overlay = document.getElementById('screenshot-overlay');
if (overlay) overlay.style.display = 'flex';
if (typeof html2canvas !== 'undefined') {
html2canvas(document.body, {
scale: 0.5, logging: false, useCORS: true, allowTaint: true, backgroundColor: '#ffffff',
width: Math.min(document.body.scrollWidth, 1400),
height: Math.min(document.body.scrollHeight, 900)
}).then(function(canvas) {
var dataUrl = canvas.toDataURL('image/jpeg', 0.6);
if (dataUrl.length > 500000) {
var smallCanvas = document.createElement('canvas');
var ctx = smallCanvas.getContext('2d');
smallCanvas.width = canvas.width * 0.6;
smallCanvas.height = canvas.height * 0.6;
ctx.drawImage(canvas, 0, 0, smallCanvas.width, smallCanvas.height);
dataUrl = smallCanvas.toDataURL('image/jpeg', 0.5);
}
sessionStorage.setItem(prefix + '_screenshot', dataUrl);
window.location.href = targetUrl;
}).catch(function(err) {
console.error('Screenshot failed:', err);
window.location.href = targetUrl;
});
} else {
window.location.href = targetUrl;
}
}
</script>
<!-- Layout Toggle -->
<script>
function setLayout(width) {
fetch('/api/set-layout', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').content
},
body: JSON.stringify({layout_width: width})
}).then(function() {
// Preserve sidebar classes while updating layout class
var classes = document.body.className.replace(/layout-\S+/g, '').trim();
document.body.className = classes + ' layout-' + width;
document.querySelectorAll('.layout-btn').forEach(function(btn) {
btn.classList.remove('active');
});
event.target.classList.add('active');
});
}
</script>
<!-- Sidebar Toggle -->
<script>
function setSidebar(position, style) {
style = style || getCurrentSidebarStyle();
fetch('/api/set-sidebar', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').content
},
body: JSON.stringify({sidebar_position: position, sidebar_style: style})
}).then(function() {
// Update body classes
document.body.className = document.body.className
.replace(/sidebar-left|sidebar-right|sidebar-hidden/g, '')
.replace(/sidebar-icons-labels|sidebar-icons|sidebar-collapsed/g, '')
.trim();
document.body.classList.add('sidebar-' + position, 'sidebar-' + style);
});
}
function setSidebarStyle(style) {
var position = getCurrentSidebarPosition();
setSidebar(position, style);
}
function getCurrentSidebarPosition() {
if (document.body.classList.contains('sidebar-right')) return 'right';
if (document.body.classList.contains('sidebar-hidden')) return 'hidden';
return 'left';
}
function getCurrentSidebarStyle() {
if (document.body.classList.contains('sidebar-icons')) return 'icons';
if (document.body.classList.contains('sidebar-collapsed')) return 'collapsed';
return 'icons-labels';
}
function toggleSidebarCollapse() {
var style = getCurrentSidebarStyle();
var newStyle = (style === 'collapsed') ? 'icons-labels' : 'collapsed';
setSidebar(getCurrentSidebarPosition(), newStyle);
}
// Ctrl+B: toggle sidebar collapsed/expanded
document.addEventListener('keydown', function(e) {
if (e.ctrlKey && !e.altKey && !e.shiftKey && e.key.toLowerCase() === 'b') {
var sidebar = document.getElementById('pluginSidebar');
if (!sidebar) return;
e.preventDefault();
toggleSidebarCollapse();
}
});
</script>
<!-- Chat Widget -->
<script src="/chatbot/widget.js"></script>
<!-- Contexta Tooltips -->
<script src="/static/js/contexta-tooltips.js"></script>
<!-- Plugin JavaScript -->
<script src="/static/js/gaps.js"></script>
<script src="/static/js/document-viewer.js"></script>
<!-- Contextual Tips: show/dismiss with localStorage -->
<script>
(function() {
document.querySelectorAll('.ctx-tip').forEach(function(el) {
var key = el.getAttribute('data-tip-key');
if (!localStorage.getItem('tip_dismissed_' + key)) {
el.style.display = '';
}
});
})();
function dismissTip(key, btn) {
localStorage.setItem('tip_dismissed_' + key, '1');
btn.closest('.ctx-tip').style.display = 'none';
}
</script>
<script>
/* Set site header height as CSS variable for sticky offsets */
(function() {
var h = document.querySelector('.site-header');
if (h) {
var hh = h.getBoundingClientRect().height;
document.documentElement.style.setProperty('--site-header-height', hh + 'px');
}
window.addEventListener('resize', function() {
if (h) document.documentElement.style.setProperty('--site-header-height', h.getBoundingClientRect().height + 'px');
});
})();
</script>
</body>
</html>