GOV.UK already has an excellent security score (A+), as I can see, this tool has been used in the past, all the way back to 2016 😍

I just wanted to raise that there are a couple of minor improvements it lists:

- `default-src 'none'` on the CSP (note: this is the fallback for other media related rules e.g. `img-src`, `font-src` etc).
- `form-action 'none'`, `form-action 'self'`, or specific URIs in the CSP.
- `X-Content-Type-Options` should be set to `nosniff`.
- `Referrer Policy` should be `strict-origin-when-cross-origin`.

You are welcome to move this into the correct repository or wherever it is more likely to be actioned.
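Added example, not code from this issue or from GOV.UK: a small checker that evaluates a set of response headers against the four suggestions above and models the `default-src` fallback the note mentions, including the point that `form-action` does not inherit from `default-src` and so must be set explicitly. The sample header values are constructed.

```python
# Added illustration (assumed, not GOV.UK code): check headers against the four suggestions.
from typing import Dict, List, Optional

# Fetch directives that inherit from default-src when absent. form-action,
# frame-ancestors and base-uri never inherit, so they must be set explicitly.
FALLBACK_TO_DEFAULT = {"img-src", "font-src", "script-src", "style-src",
                       "connect-src", "media-src", "object-src", "frame-src"}

def parse_csp(value: str) -> Dict[str, List[str]]:
    """Turn a CSP header value into {directive: [sources]}."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def effective_sources(policy: Dict[str, List[str]], directive: str) -> Optional[List[str]]:
    """Sources applying to `directive`; None means unrestricted (no fallback applies)."""
    if directive in policy:
        return policy[directive]
    if directive in FALLBACK_TO_DEFAULT:
        return policy.get("default-src")
    return None

def check_headers(headers: Dict[str, str]) -> List[str]:
    """Return the findings a scanner would report; an empty list means clean."""
    h = {k.lower(): v for k, v in headers.items()}
    csp = parse_csp(h.get("content-security-policy", ""))
    findings = []
    if csp.get("default-src") != ["'none'"]:
        findings.append("CSP: default-src should be 'none'")
    if effective_sources(csp, "form-action") is None:
        findings.append("CSP: form-action unrestricted; set 'none', 'self' or URIs")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options should be nosniff")
    if h.get("referrer-policy", "").strip().lower() != "strict-origin-when-cross-origin":
        findings.append("Referrer-Policy should be strict-origin-when-cross-origin")
    return findings

# Constructed sample headers: before and after applying the suggestions.
BEFORE = {"Content-Security-Policy": "default-src 'self'; img-src 'self' data:",
          "X-Content-Type-Options": ""}
AFTER = {"Content-Security-Policy": "default-src 'none'; img-src 'self' data:; "
                                    "font-src 'self'; form-action 'self'",
         "X-Content-Type-Options": "nosniff",
         "Referrer-Policy": "strict-origin-when-cross-origin"}
print("before:", check_headers(BEFORE))
print("after:", check_headers(AFTER) or "no findings")
```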