top | item 47121117

(no title)

    "security_headers": {
      "content_security_policy": "Present",
      "strict_transport_security": "Present",
      "x_content_type_options": "Present",
      "x_frame_options": "Missing",
      "referrer_policy": "Present",
      "permissions_policy": "Present",
      "score": 80,
      "grade": "B"
    },

X-frame-options is obsolete. Frame-ancestors option in content-secrity-policy is the way to go.

discuss

No comments yet.