2019-04-16 website test - bbld.de: Difference between revisions
No edit summary |
Line 13: | Line 13: | ||
|} | |} | ||
==Content Security Policy | ==Content Security Policy== | ||
{| class="wikitable" | {| class="wikitable" | ||
|+Content Security Policy Analysis | |||
! Test || Pass | ! Test || Pass | ||
|- | |- |
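Review bot: The added caption line `|+Content Security Policy Analysis` sits directly under the `==Content Security Policy==` heading and nearly repeats it, so the section title appears twice above the same table; either drop the caption or have it say something the heading does not, such as which tool produced the analysis. The change to the heading line, closing it with the trailing `==`, looks right. The revision was saved with no edit summary; a short one describing the heading fix and the new caption would make the page history easier to follow.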
Latest revision as of 2019-04-16T15:15:45
Test provider | Result | Test link |
---|---|---|
Mozilla Observatory | A+ (125/100) | https://observatory.mozilla.org/analyze/bbld.de |
tls.imirhil.fr | A+ (96/100) | https://tls.imirhil.fr/https/bbld.de |
SSL Labs | A+ | https://www.ssllabs.com/ssltest/analyze?d=bbld.de |
securityheaders.com | A+ | https://securityheaders.com/?q=https%3A%2F%2Fbbld.de%2F |
Google PageSpeed | 99/100 | https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fbbld.de%2F |
Content Security Policy
Test | Pass |
---|---|
Blocks execution of inline JavaScript by not allowing 'unsafe-inline' inside script-src | Yes |
Blocks execution of JavaScript's eval() function by not allowing 'unsafe-eval' inside script-src | Yes |
Blocks execution of plug-ins, using object-src restrictions | Yes |
Blocks inline styles by not allowing 'unsafe-inline' inside style-src | Yes |
Blocks loading of active content over HTTP or FTP | Yes |
Blocks loading of passive content over HTTP or FTP | Yes |
Clickjacking protection, using frame-ancestors | Yes |
Deny by default, using default-src 'none' | Yes |
Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins | Yes |
Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs | Yes |