Mozilla HTTP observatory
Scan Summary :
| Impact | Description | Documentation |
Content Security Policy (CSP) header not implemented | Implement one, see MDN's Content Security Policy (CSP) documentation. | |
| Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/). | |
| Documentation for x-frame-options-sameorigin-or-deny | |
Subresource Integrity (SRI) not implemented, but all external scripts are loaded over HTTPS. | Add SRI to external scripts. | |
| Documentation for x-content-type-options-nosniff |