This repository has been archived by the owner on Jun 25, 2020. It is now read-only.
HTTP Observatory Report: advocacy.mozilla.org
| Score | Rule | Description |
| --- | --- | --- |
| -20 | content-security-policy | Content Security Policy (CSP) implemented unsafely. |
| -10 | strict-transport-security | HTTP Strict Transport Security (HSTS) header set to less than six months (15768000). |
| -5 | contribute | Contribute.json file missing from root of website. |
| -5 | subresource-integrity | Subresource Integrity (SRI) not implemented, but all external scripts are loaded over https. |
| 0 | public-key-pinning | HTTP Public Key Pinning (HPKP) header not implemented. |
| 0 | x-xss-protection | X-XSS-Protection header set to "1; mode=block". |
| 0 | cookies | No cookies detected. |
| 0 | cross-origin-resource-sharing | Content is not visible via cross-origin resource sharing (CORS) files or headers. |
| 0 | x-content-type-options | X-Content-Type-Options header set to "nosniff". |
| 0 | redirection | Initial redirection is to https on same host, final destination is https. |
| 5 | x-frame-options | X-Frame-Options (XFO) implemented via the CSP frame-ancestors directive. |
Score: 65
Grade: B-
Full Report Url: https://observatory.mozilla.org/analyze.html?host=advocacy.mozilla.org
We did our best on improving petitions.mozilla.org at https://bugzilla.mozilla.org/show_bug.cgi?id=1310006 but the redirect to advocacy means that we're capped at B- for WebOps-side things.