Comments (6)
I don't think it should be required to support CSP to get A+ because no CSP doesn't necessarily mean mixed content exists, and it's better not to embed any insecure resources in the first place.
from ssllabs-scan.
Testing port 80 should not be part of this. There are plenty of valid reasons why port 80 may be available and serving content.
Likewise CSP should not be a requirement, as its absence is indicative of nothing substantial.
from ssllabs-scan.
The only thing we could add about CSP is to detect if the server uses it to prevent third-party mixed content. Everything else is out of scope.
from ssllabs-scan.
Out of scope, at least for the time being.
from ssllabs-scan.
You may also note the 'Upgrade Insecure Requests' feature (part of CSP), which is already detected in the client test.
from ssllabs-scan.
See https://securityheaders.io/
from ssllabs-scan.