2019-04-16 website test - bbld.de: Difference between revisions
Revision as of 2019-04-16T15:14:11

Test provider | Result | Test link |
---|---|---|
Mozilla Observatory | A+ (125/100) | https://observatory.mozilla.org/analyze/bbld.de |
tls.imirhil.fr | A+ (96/100) | https://tls.imirhil.fr/https/bbld.de |
SSL Labs | A+ | https://www.ssllabs.com/ssltest/analyze?d=bbld.de |
securityheaders.com | A+ | https://securityheaders.com/?q=https%3A%2F%2Fbbld.de%2F |
Google PageSpeed | 99/100 | https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fbbld.de%2F |

Content Security Policy Analysis

Test | Pass |
---|---|
Blocks execution of inline JavaScript by not allowing 'unsafe-inline' inside script-src | Yes |
Blocks execution of JavaScript's eval() function by not allowing 'unsafe-eval' inside script-src | Yes |
Blocks execution of plug-ins, using object-src restrictions | Yes |
Blocks inline styles by not allowing 'unsafe-inline' inside style-src | Yes |
Blocks loading of active content over HTTP or FTP | Yes |
Blocks loading of passive content over HTTP or FTP | Yes |
Clickjacking protection, using frame-ancestors | Yes |
Deny by default, using default-src 'none' | Yes |
Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins | Yes |
Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs | Yes |