HTTP Observatory Report: climate.discomap.eea.europa.eu

Score Rule                           Description
  -50 cross-origin-resource-sharing  Content is visible via cross-origin resource sharing (CORS) file or headers.
  -25 content-security-policy        Content Security Policy (CSP) header not implemented.
    0 cookies                        No cookies detected.
    0 x-xss-protection               Deprecated X-XSS-Protection header set to "1; mode=block".
    0 redirection                    Not able to connect via HTTP, so no redirection necessary.
    0 contribute                     Contribute.json isn't required on websites that don't belong to Mozilla.
    0 strict-transport-security      HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000).
    0 subresource-integrity          Subresource Integrity (SRI) is not needed since site contains no script tags.
    0 x-content-type-options         X-Content-Type-Options header set to "nosniff".
    0 x-frame-options                X-Frame-Options (XFO) header set to SAMEORIGIN or DENY.
    0 referrer-policy                Referrer-Policy header not implemented.

Score: 25
Grade: D-

Full Report Url: https://observatory.mozilla.org/analyze.html?host=climate.discomap.eea.europa.eu