Security rating 135 out of 100 (A+).
(Last update: )
After a few modifications to the site styling, I removed "unsafe-inline" CSS from the site header. I also added Subresource Integrity. The site gets a a score of 135 out of 100 on the HTTP Observatory.
Rating: A+
There appear to be a maximum of 145 points available. I lose these points:
- 5 points because I don't use cookies and therefore don't get extra points for using them securely.
- 5 points for not adding "preloaded" in the Strict Transport Security (HSTS). But preloading is in any case not recommended.
