We’re excited to announce Astral has an A+ rating on Mozilla’s web security scanning tool.

This puts us in a great (but small) group. The only other cryptocurrency wallet or exchange with this rating that we could find was Coinbase’s GDAX exchange. You can use the tool here to scan other websites.

Our Mozilla Observatory rating

How we did it (the short version)

We’ll go over some of the more interesting security upgrades we had to make to achieve this. We implemented:

Content security policy: this restricts where a browser can download external scripts from, which prevents malicious script or style injections.

Strict cookie sharing policy: SameSite prevents your browser from sending cookies with cross-site requests. This improvement has become more critical since the advent of Intel’s Spectre vulnerability.

HTTP Strict Transport Security: this tells browsers to visit us only through SSL for a certain amount of time.
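To make the three controls concrete, here is an added example (not Astral's code and not the Observatory's scoring logic) that audits a response's headers for them. The function name, the six-month HSTS threshold and both sample responses are assumptions made for this illustration.

```javascript
const MIN_HSTS_SECONDS = 15768000; // six months; threshold chosen for this example

// Returns a list of findings for one response's headers (names lower-cased,
// 'set-cookie' given as an array of raw header values).
function auditHeaders(headers) {
  const findings = [];

  // CSP: split "directive value value; directive value" into a map.
  const csp = new Map();
  for (const part of (headers['content-security-policy'] || '').split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    // When a directive is repeated, browsers honour the first occurrence.
    if (name && !csp.has(name.toLowerCase())) csp.set(name.toLowerCase(), values);
  }
  // script-src falls back to default-src when it is absent.
  const scriptSrc = csp.get('script-src') || csp.get('default-src');
  if (!scriptSrc) {
    findings.push('csp: no script-src or default-src');
  } else {
    for (const risky of ["'unsafe-inline'", "'unsafe-eval'", '*']) {
      if (scriptSrc.includes(risky)) findings.push(`csp: scripts allowed from ${risky}`);
    }
  }

  // HSTS: the max-age directive sets how long browsers insist on HTTPS.
  const m = /max-age\s*=\s*"?(\d+)/i.exec(headers['strict-transport-security'] || '');
  if (!m) findings.push('hsts: header missing or has no max-age');
  else if (Number(m[1]) < MIN_HSTS_SECONDS) findings.push(`hsts: max-age ${m[1]} is too short`);

  // Cookies: each should carry SameSite (Strict or Lax) and Secure.
  for (const cookie of headers['set-cookie'] || []) {
    const [pair, ...attrs] = cookie.split(';').map((s) => s.trim().toLowerCase());
    const name = pair.split('=')[0];
    const sameSite = attrs.find((a) => a.startsWith('samesite='));
    if (!sameSite) findings.push(`cookie ${name}: no SameSite attribute`);
    else if (sameSite === 'samesite=none') findings.push(`cookie ${name}: SameSite=None`);
    if (!attrs.includes('secure')) findings.push(`cookie ${name}: no Secure attribute`);
  }
  return findings;
}

// Constructed sample responses (not captured from any real site).
const hardened = {
  'content-security-policy': "default-src 'none'; script-src 'self'; style-src 'self'",
  'strict-transport-security': 'max-age=63072000; includeSubDomains',
  'set-cookie': ['session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict'],
};
const weak = {
  'content-security-policy': "default-src *; script-src 'self' 'unsafe-inline'",
  'set-cookie': ['session=abc123; Path=/; HttpOnly'],
};
console.log(auditHeaders(hardened), auditHeaders(weak));
```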

Our security perspective

We’re happy to announce our rating, but still approach security with a humble and defensive perspective.

Despite our rating, we still caution users to hold large amounts of any cryptocurrency offline. Frankly, there are always attack vectors for online wallets and moving funds offline removes almost all of them. The Mozilla Observatory rating only paints a limited picture of security. There are many other moving parts in securing a web application.

Thanks to our customers

As always, we want to thank our users for continuously providing valuable feedback.

Thanks for reading! If you’re interested in a Stellar Wallet, please do check out Astral. Follow our official Twitter account here.