HTTP Observatory Report: riot.eea.europa.eu

| Score | Rule | Description |
|---|---|---|
| -20 | strict-transport-security | HTTP Strict Transport Security (HSTS) header not implemented. |
| -20 | x-frame-options | X-Frame-Options (XFO) header not implemented. |
| -5 | x-content-type-options | X-Content-Type-Options header not implemented. |
| 0 | x-xss-protection | Deprecated X-XSS-Protection header not implemented. |
| 0 | cookies | No cookies detected. |
| 0 | cross-origin-resource-sharing | Public content is visible via cross-origin resource sharing (CORS) Access-Control-Allow-Origin header. |
| 0 | redirection | Not able to connect via HTTP, so no redirection necessary. |
| 0 | contribute | Contribute.json isn't required on websites that don't belong to Mozilla. |
| 0 | subresource-integrity | Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin. |
| 5 | referrer-policy | Referrer-Policy header set to "no-referrer", "same-origin", "strict-origin" or "strict-origin-when-cross-origin". |
| 10 | content-security-policy | Content Security Policy (CSP) implemented with default-src 'none' and no 'unsafe'. |

Score: 55
Grade: C
Full Report Url: https://observatory.mozilla.org/analyze.html?host=riot.eea.europa.eu