Mozilla HTTP Observatory
Scan Summary:
| Impact | Description | Documentation |
| Content Security Policy (CSP) header not implemented | Implement one, see MDN's Content Security Policy (CSP) documentation. | |
| Does not redirect to an HTTPS site. | Documentation for redirection-to-https | |
| | Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/). | |
| | Documentation for x-frame-options-sameorigin-or-deny | |
| | Documentation for x-content-type-options-nosniff | |