2019-04-16 website test - bbld.de
| Test provider | Result | Test link |
|---|---|---|
| Mozilla Observatory | A+ (125/100) | https://observatory.mozilla.org/analyze/bbld.de |
| tls.imirhil.fr | A+ (96/100) | https://tls.imirhil.fr/https/bbld.de |
| SSL Labs | A+ | https://www.ssllabs.com/ssltest/analyze?d=bbld.de |
| securityheaders.com | A+ | https://securityheaders.com/?q=https%3A%2F%2Fbbld.de%2F |
| Google PageSpeed | 99/100 | https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fbbld.de%2F |
Content Security Policy
| Test | Pass |
|---|---|
| Blocks execution of inline JavaScript by not allowing 'unsafe-inline' inside script-src | Yes |
| Blocks execution of JavaScript's eval() function by not allowing 'unsafe-eval' inside script-src | Yes |
| Blocks execution of plug-ins, using object-src restrictions | Yes |
| Blocks inline styles by not allowing 'unsafe-inline' inside style-src | Yes |
| Blocks loading of active content over HTTP or FTP | Yes |
| Blocks loading of passive content over HTTP or FTP | Yes |
| Clickjacking protection, using frame-ancestors | Yes |
| Deny by default, using default-src 'none' | Yes |
| Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins | Yes |
| Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs | Yes |