{ "scan": { "algorithmVersion": 4, "grade": "B", "error": null, "score": 70, "statusCode": 200, "testsFailed": 3, "testsPassed": 7, "testsQuantity": 10, "responseHeaders": { "date": "Sun, 09 Nov 2025 08:42:04 GMT", "content-type": "text/html; charset=utf-8", "transfer-encoding": "chunked", "connection": "close", "cf-ray": "99bc03c4681e45f8-CPH", "cf-cache-status": "HIT", "access-control-allow-origin": "*", "age": "4928", "cache-control": "public, max-age=0, s-maxage=43200", "expires": "Sun, 09 Nov 2025 07:19:55 GMT", "last-modified": "Fri, 07 Nov 2025 19:06:45 GMT", "strict-transport-security": "max-age=31536000; preload", "vary": "Accept-Encoding", "access-control-expose-headers": "Request-Context", "content-security-policy": "default-src 'self' self watch.4am.ch *.analysis.windows.net *.clarity.ms *.nativechat.com *.tts.speech.microsoft.com *.who.int *.who.cloud.sitefinity.com answers.yext-pixel.com app.powerbi.com assets.sitescdn.net content.powerapps.com covidfunding.eiu.com dc.services.visualstudio.com gis.azureedge.net js.arcgis.com liveapi.yext.com liveapi-cached.yext.com pbi.azureedge.net pbipdfapp.azurewebsites.net player.4am.ch player.clevercast.com polyfill.io services.arcgis.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com tiles.arcgis.com utility.arcgisonline.com visuals.azureedge.net wabi-north-europe-redirect.analysis.windows.net westeurope.tts.speech.microsoft.com who.cloudflareaccess.com who-answers.pagescdn.com who-covid-answers.int.pagescdn.com whotest.appiancloud.com www.arcgis.com www.googleadservices.com iris.who.int kendo.cdn.telerik.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com https://cse.google.com clients1.google.com cse.google.com/adsense/search/async-ads.js https://partner.googleadservices.com https://*.fundraiseup.com https://*.stripe.com https://m.stripe.network https://pay.google.com https://google.com/pay https://*.paypal.com https://*.paypalobjects.com https://app-script.monsido.com/v2/monsido-script.js https://heatmaps.monsido.com/ https://tracking.monsido.com/ https://pagecorrect.monsido.com/v1/page-correct.js https://cdn.monsido.com/ 'unsafe-eval' 'unsafe-inline' data: apps.who.int/gho/athena/data/ *.clarity.ms *.doubleclick.net *.eloqua.com *.en25.com *.googletagmanager.com *.jwpcdn.com *.msecnd.net *.nativechat.com *.pingdom.net *.sharethis.com assets.pinterest.com assets.sitescdn.net cdn.ampproject.org cdn.insight.sitefinity.com cdn.jsdelivr.net covidfunding.eiu.com https://dec.azureedge.net/ https://www.youtube.com/iframe_api js.arcgis.com js.hs-analytics.net js.hs-scripts.com kendo.cdn.telerik.com munchkin.marketo.net npmcdn.com polyfill.io public.tableau.com services.arcgis.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com storage.googleapis.com tagmanager.google.com tiles.arcgis.com utility.arcgisonline.com who-answers.pagescdn.com who-covid-answers.int.pagescdn.com whosearch.searchblox.com www.arcgis.com www.clarity.ms www.googletagmanager.com www.who.int www.youtube.com youtu.be app-script.monsido.com unpkg.com /js/isotope.pkgd.js https://heatmaps.monsido.com/v1/heatmaps.js https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js web-chat.nativechat.com; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com self watch.4am.ch 'unsafe-inline' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com *.nativechat.com *.sharethis.com cdn.insight.sitefinity.com cdnjs.cloudflare.com https://dec.azureedge.net https://cdn.fundraiseup.com use.fontawesome.com www.who.int player.4am.ch player.clevercast.com whosearch.searchblox.com tagmanager.google.com blob: https://cdn.insight.sitefinity.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com self https://*.fundraiseup.com https://ucarecdn.com https://pay.google.com https://google.com/pay https://*.paypalobjects.com tracking.monsido.com iris.who.int tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com cdn.insight.sitefinity.com js.arcgis.com *.nativechat.com *.sharethis.com *.google-analytics.com *.clarity.ms https://delicious.com https://dec.azureedge.net https://apps.who.int https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com stats.g.doubleclick.net *.who.int *.who.cloud.sitefinity.com yt3.ggpht.com addthis.com *.googleusercontent.com *.googletagmanager.com script.hotjar.com www.addthis.com log.pinterest.com whosearch.searchblox.com app.powerbi.com pbi.azureedge.net kendo.cdn.telerik.com img.youtube.com *.analytics.google.com *.g.doubleclick.net *.google.com whpelasticdsta01.blob.core.windows.net whpelasticpsta01.blob.core.windows.net whointsfcloudmedia.blob.core.windows.net https://cdn.insight.sitefinity.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: watch.4am.ch https://*.fundraiseup.com https://*.stripe.com tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com *.nativechat.com *.sharethis.com use.fontawesome.com www.who.int player.4am.ch player.clevercast.com whosearch.searchblox.com script.hotjar.com app.powerbi.com pbi.azureedge.net *.clarity.ms cdn.jsdelivr.net; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://syndicatedsearch.goog https://www.google.com/ watch.4am.ch https://*.fundraiseup.com https://*.stripe.com https://*.paypal.com https://pay.google.com https://google.com/pay www.ustream.tv https://video.ibm.com *.kunstmatrix.com *.doubleclick.net *.nativechat.com *.sitefinity.cloud *.who.int *.who.cloud.sitefinity.com app.powerbi.com app.sli.do apps.who.int assets.pinterest.com covidfunding.eiu.com creativecommons.org experience.arcgis.com html5-player.libsyn.com js.arcgis.com pbi.azureedge.net platform.twitter.com player.4am.ch player.clevercast.com player.vimeo.com vimeo.com public.tableau.com services.arcgis.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com syndication.twitter.com tiles.arcgis.com utility.arcgisonline.com wabi-north-europe-g-primary-redirect.analysis.windows.net who.maps.arcgis.com who-answers.pagescdn.com who-covid-answers.int.pagescdn.com whotest.appiancloud.com www.arcgis.com www.youtube.com www.youtube-nocookie.com youtube-nocookie.com https://app.powerbi.com/ https://cdn.fundraiseup.com appianportals.com https://www.googletagmanager.com/ web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://fndrsp.net https://fndrsp-checkout.net https://*.fundraiseup.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://pay.google.com https://google.com/pay https://api.addressy.com whpelasticdsta01.blob.core.windows.net whpelasticpsta01.blob.core.windows.net heatmaps.monsido.com tracking.monsido.com frontdoor-l4uikgap6gz3m.azurefd.net whotest.appiancloud.com geocode.arcgis.com tiles.arcgis.com www.arcgis.com services.arcgis.com static.arcgis.com utility.arcgisonline.com js.arcgis.com cdn.jsdelivr.net stats.g.doubleclick.net https://*.dec.sitefinity.com *.nativechat.com *.mktoresp.com *.who.int *.who.cloud.sitefinity.com *.clarity.ms dc.services.visualstudio.com whosearch.searchblox.com smartsuggest.searchblox.com m.addthis.com liveapi-cached.yext.com liveapi.yext.com answers.yext-pixel.com wss://westeurope.tts.speech.microsoft.com in.hotjar.com wss://*.hotjar.com *.hotjar.com vc.hotjar.io app.powerbi.com pbi.azureedge.net pbipdfapp.azurewebsites.net wabi-north-europe-redirect.analysis.windows.net *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://*.insight.sitefinity.com; media-src 'self' data: blob: tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com terrance.who.int *.who.int *.who.cloud.sitefinity.com; child-src 'self' blob: tiles.arcgis.com www.arcgis.com apps.who.int/gho/athena/data/ services.arcgis.com utility.arcgisonline.com js.arcgis.com *.nativechat.com https://vimeo.com www.who.int web-chat.nativechat.com; frame-ancestors tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com app.powerbi.com pbi.azureedge.net *.who.int *.who.cloud.sitefinity.com appianportals.com 'self'; object-src tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com app.powerbi.com pbi.azureedge.net pbipdfapp.azurewebsites.net wabi-north-europe-redirect.analysis.windows.net 'self'", "referrer-policy": "no-referrer-when-downgrade", "request-context": "appId=cid-v1:de8aa419-25cb-497c-a74e-dd1c159376e3", "sf-cache-key": "fwt5iLLyvmvDYVwL6skgK1Wb27hJmO53hZVZqnxHscg1", "sf-cache-status": "HIT", "x-content-type-options": "nosniff", "x-frame-options": "SAMEORIGIN", "x-instance-name": "wn1ldwk000P3E", "x-xss-protection": "1; mode=block", "server": "cloudflare", "alt-svc": "h3=\":443\"; ma=86400" } }, "tests": { "content-security-policy": { "expectation": "csp-implemented-with-no-unsafe", "pass": false, "result": "csp-implemented-with-unsafe-inline", "scoreModifier": -20, "data": { "default-src": [ "'self'", "*.analysis.windows.net", "*.clarity.ms", "*.nativechat.com", "*.tts.speech.microsoft.com", "*.who.cloud.sitefinity.com", "*.who.int", "answers.yext-pixel.com", "app.powerbi.com", "assets.sitescdn.net", "content.powerapps.com", "covidfunding.eiu.com", "dc.services.visualstudio.com", "gis.azureedge.net", "iris.who.int", "js.arcgis.com", "kendo.cdn.telerik.com", "liveapi-cached.yext.com", "liveapi.yext.com", "pbi.azureedge.net", "pbipdfapp.azurewebsites.net", "player.4am.ch", "player.clevercast.com", "polyfill.io", "self", "services.arcgis.com", "staging-dot-eiu-wellcome-7664.nw.r.appspot.com", "tiles.arcgis.com", "utility.arcgisonline.com", "visuals.azureedge.net", "wabi-north-europe-redirect.analysis.windows.net", "watch.4am.ch", "westeurope.tts.speech.microsoft.com", "who-answers.pagescdn.com", "who-covid-answers.int.pagescdn.com", "who.cloudflareaccess.com", "whotest.appiancloud.com", "www.arcgis.com", "www.googleadservices.com" ], "script-src": [ "'self'", "'unsafe-eval'", "'unsafe-inline'", "*.clarity.ms", "*.doubleclick.net", "*.eloqua.com", "*.en25.com", "*.google-analytics.com", "*.googleapis.com", "*.googletagmanager.com", "*.gstatic.com", "*.jwpcdn.com", "*.msecnd.net", "*.nativechat.com", "*.pingdom.net", "*.sharethis.com", "*.twimg.com", "/js/isotope.pkgd.js", "ajax.aspnetcdn.com", "apis.google.com", "app-script.monsido.com", "apps.who.int/gho/athena/data/", "assets.pinterest.com", "assets.sitescdn.net", "cdn.ampproject.org", "cdn.insight.sitefinity.com", "cdn.jsdelivr.net", "cdnjs.cloudflare.com", "clients1.google.com", "connect.facebook.net", "covidfunding.eiu.com", "cse.google.com/adsense/search/async-ads.js", "data:", "http://platform.stumbleupon.com/1/widgets.js", "https://*.fundraiseup.com", "https://*.googletagmanager.com", "https://*.paypal.com", "https://*.paypalobjects.com", "https://*.stripe.com", "https://app-script.monsido.com/v2/monsido-script.js", "https://cdn.insight.sitefinity.com", "https://cdn.monsido.com/", "https://cse.google.com", "https://dec.azureedge.net", "https://google.com/pay", "https://heatmaps.monsido.com/", "https://m.stripe.network", "https://pagecorrect.monsido.com/v1/page-correct.js", "https://partner.googleadservices.com", "https://pay.google.com", "https://player.vimeo.com/api/player.js", "https://publish.twitter.com", "https://s.ytimg.com", "https://syndication.twitter.com/", "https://tracking.monsido.com/", "https://www.youtube.com", "js.arcgis.com", "js.hs-analytics.net", "js.hs-scripts.com", "kendo.cdn.telerik.com", "munchkin.marketo.net", "npmcdn.com", "platform.linkedin.com", "platform.twitter.com", "polyfill.io", "public.tableau.com", "services.arcgis.com", "staging-dot-eiu-wellcome-7664.nw.r.appspot.com", "storage.googleapis.com", "tagmanager.google.com", "tiles.arcgis.com", "unpkg.com", "utility.arcgisonline.com", "web-chat.nativechat.com", "who-answers.pagescdn.com", "who-covid-answers.int.pagescdn.com", "whosearch.searchblox.com", "www.arcgis.com", "www.clarity.ms", "www.google.com", "www.googletagmanager.com", "www.who.int", "www.youtube.com", "youtu.be" ], "style-src": [ "'self'", "'unsafe-inline'", "*.googleapis.com", "*.gstatic.com", "*.nativechat.com", "*.sharethis.com", "*.twimg.com", "blob:", "cdn.insight.sitefinity.com", "cdnjs.cloudflare.com", "https://cdn.fundraiseup.com", "https://cdn.insight.sitefinity.com", "https://dec.azureedge.net", "js.arcgis.com", "kendo.cdn.telerik.com", "netdna.bootstrapcdn.com", "platform.twitter.com/css/", "player.4am.ch", "player.clevercast.com", "self", "services.arcgis.com", "tagmanager.google.com", "tiles.arcgis.com", "use.fontawesome.com", "utility.arcgisonline.com", "watch.4am.ch", "web-chat.nativechat.com", "whosearch.searchblox.com", "www.arcgis.com", "www.google.com", "www.who.int" ], "img-src": [ "'self'", "*.analytics.google.com", "*.clarity.ms", "*.eloqua.com", "*.g.doubleclick.net", "*.google-analytics.com", "*.google.com", "*.googleapis.com", "*.googletagmanager.com", "*.googleusercontent.com", "*.gstatic.com", "*.nativechat.com", "*.sharethis.com", "*.twimg.com", "*.who.cloud.sitefinity.com", "*.who.int", "addthis.com", "app.powerbi.com", "blob:", "cdn.insight.sitefinity.com", "data:", "https://*.dec.sitefinity.com", "https://*.fundraiseup.com", "https://*.googletagmanager.com", "https://*.paypalobjects.com", "https://apps.who.int", "https://cdn.insight.sitefinity.com", "https://dec.azureedge.net", "https://delicious.com", "https://google.com/pay", "https://pay.google.com", "https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png", "https://syndication.twitter.com", "https://ucarecdn.com", "i.ytimg.com", "img.youtube.com", "iris.who.int", "js.arcgis.com", "kendo.cdn.telerik.com", "log.pinterest.com", "pbi.azureedge.net", "pbs.twimg.com", "platform.tumblr.com", "platform.twitter.com/css/", "script.hotjar.com", "self", "services.arcgis.com", "stats.g.doubleclick.net", "tiles.arcgis.com", "track.hubspot.com", "tracking.monsido.com", "utility.arcgisonline.com", "web-chat.nativechat.com", "web.facebook.com", "whointsfcloudmedia.blob.core.windows.net", "whosearch.searchblox.com", "whpelasticdsta01.blob.core.windows.net", "whpelasticpsta01.blob.core.windows.net", "www.addthis.com", "www.arcgis.com", "www.facebook.com", "www.linkedin.com", "www.redditstatic.com", "yt3.ggpht.com" ], "font-src": [ "'self'", "*.clarity.ms", "*.nativechat.com", "*.sharethis.com", "app.powerbi.com", "cdn.jsdelivr.net", "data:", "fonts.gstatic.com", "https://*.fundraiseup.com", "https://*.stripe.com", "js.arcgis.com", "kendo.cdn.telerik.com", "netdna.bootstrapcdn.com", "pbi.azureedge.net", "player.4am.ch", "player.clevercast.com", "script.hotjar.com", "services.arcgis.com", "tiles.arcgis.com", "use.fontawesome.com", "utility.arcgisonline.com", "watch.4am.ch", "whosearch.searchblox.com", "www.arcgis.com", "www.who.int" ], "frame-src": [ "'self'", "*.doubleclick.net", "*.kunstmatrix.com", "*.nativechat.com", "*.sitefinity.cloud", "*.who.cloud.sitefinity.com", "*.who.int", "accounts.google.com", "apis.google.com", "app.powerbi.com", "app.sli.do", "appianportals.com", "apps.who.int", "assets.pinterest.com", "badge.stumbleupon.com", "covidfunding.eiu.com", "creativecommons.org", "experience.arcgis.com", "html5-player.libsyn.com", "https://*.fundraiseup.com", "https://*.paypal.com", "https://*.stripe.com", "https://app.powerbi.com/", "https://cdn.fundraiseup.com", "https://google.com/pay", "https://pay.google.com", "https://platform.twitter.com/", "https://player.vimeo.com/", "https://syndicatedsearch.goog", "https://syndication.twitter.com/", "https://video.ibm.com", "https://w.soundcloud.com/", "https://www.google.com/", "https://www.googletagmanager.com/", "https://www.youtube-nocookie.com", "https://www.youtube.com/", "js.arcgis.com", "pbi.azureedge.net", "platform.twitter.com", "player.4am.ch", "player.clevercast.com", "player.vimeo.com", "public.tableau.com", "services.arcgis.com", "staging-dot-eiu-wellcome-7664.nw.r.appspot.com", "staticxx.facebook.com", "syndication.twitter.com", "tiles.arcgis.com", "utility.arcgisonline.com", "vimeo.com", "wabi-north-europe-g-primary-redirect.analysis.windows.net", "watch.4am.ch", "web-chat.nativechat.com", "web.facebook.com", "who-answers.pagescdn.com", "who-covid-answers.int.pagescdn.com", "who.maps.arcgis.com", "whotest.appiancloud.com", "www.arcgis.com", "www.facebook.com", "www.ustream.tv", "www.youtube-nocookie.com", "www.youtube.com", "youtube-nocookie.com" ], "connect-src": [ "'self'", "*.analytics.google.com", "*.clarity.ms", "*.g.doubleclick.net", "*.google-analytics.com", "*.google.com", "*.googletagmanager.com", "*.gstatic.com", "*.hotjar.com", "*.mktoresp.com", "*.nativechat.com", "*.who.cloud.sitefinity.com", "*.who.int", "accounts.google.com", "answers.yext-pixel.com", "app.powerbi.com", "cdn.jsdelivr.net", "data:", "dc.services.visualstudio.com", "frontdoor-l4uikgap6gz3m.azurefd.net", "geocode.arcgis.com", "heatmaps.monsido.com", "https://*.dec.sitefinity.com", "https://*.fundraiseup.com", "https://*.googletagmanager.com", "https://*.insight.sitefinity.com", "https://*.paypal.com", "https://*.paypalobjects.com", "https://*.stripe.com", "https://api.addressy.com", "https://fndrsp-checkout.net", "https://fndrsp.net", "https://google.com/pay", "https://pay.google.com", "in.hotjar.com", "js.arcgis.com", "liveapi-cached.yext.com", "liveapi.yext.com", "m.addthis.com", "pbi.azureedge.net", "pbipdfapp.azurewebsites.net", "services.arcgis.com", "smartsuggest.searchblox.com", "static.arcgis.com", "stats.g.doubleclick.net", "tiles.arcgis.com", "tracking.monsido.com", "utility.arcgisonline.com", "vc.hotjar.io", "wabi-north-europe-redirect.analysis.windows.net", "whosearch.searchblox.com", "whotest.appiancloud.com", "whpelasticdsta01.blob.core.windows.net", "whpelasticpsta01.blob.core.windows.net", "wss://*.hotjar.com", "wss://westeurope.tts.speech.microsoft.com", "www.arcgis.com" ], "media-src": [ "'self'", "*.who.cloud.sitefinity.com", "*.who.int", "blob:", "data:", "js.arcgis.com", "services.arcgis.com", "terrance.who.int", "tiles.arcgis.com", "utility.arcgisonline.com", "www.arcgis.com" ], "child-src": [ "'self'", "*.nativechat.com", "apps.who.int/gho/athena/data/", "blob:", "https://vimeo.com", "js.arcgis.com", "services.arcgis.com", "tiles.arcgis.com", "utility.arcgisonline.com", "web-chat.nativechat.com", "www.arcgis.com", "www.who.int" ], "frame-ancestors": [ "'self'", "*.who.cloud.sitefinity.com", "*.who.int", "app.powerbi.com", "appianportals.com", "js.arcgis.com", "pbi.azureedge.net", "services.arcgis.com", "tiles.arcgis.com", "utility.arcgisonline.com", "www.arcgis.com" ], "object-src": [ "'self'", "app.powerbi.com", "js.arcgis.com", "pbi.azureedge.net", "pbipdfapp.azurewebsites.net", "services.arcgis.com", "tiles.arcgis.com", "utility.arcgisonline.com", "wabi-north-europe-redirect.analysis.windows.net", "www.arcgis.com" ] }, "http": true, "meta": false, "policy": { "antiClickjacking": true, "defaultNone": false, "insecureBaseUri": true, "insecureFormAction": true, "insecureSchemeActive": true, "insecureSchemePassive": false, "strictDynamic": false, "unsafeEval": true, "unsafeInline": true, "unsafeInlineStyle": true, "unsafeObjects": false }, "numPolicies": 1 }, "cookies": { "expectation": "cookies-secure-with-httponly-sessions", "pass": true, "result": "cookies-not-found", "scoreModifier": 0, "data": null, "sameSite": false }, "cross-origin-resource-sharing": { "expectation": "cross-origin-resource-sharing-not-implemented", "pass": true, "result": "cross-origin-resource-sharing-implemented-with-public-access", "scoreModifier": 0, "data": "*" }, "redirection": { "expectation": "redirection-to-https", "pass": true, "result": "redirection-to-https", "scoreModifier": 0, "destination": "https://www.who.int/", "redirects": true, "route": [ "http://www.who.int/", "https://www.who.int/" ], "statusCode": 200 }, "referrer-policy": { "expectation": "referrer-policy-private", "pass": false, "result": "referrer-policy-unsafe", "scoreModifier": -5, "data": "no-referrer-when-downgrade", "http": true, "meta": false }, "strict-transport-security": { "expectation": "hsts-implemented-max-age-at-least-six-months", "pass": true, "result": "hsts-implemented-max-age-at-least-six-months", "scoreModifier": 0, "data": "max-age=31536000; preload", "includeSubDomains": false, "maxAge": 31536000, "preload": true, "preloaded": false }, "subresource-integrity": { "expectation": "sri-implemented-and-external-scripts-loaded-securely", "pass": false, "result": "sri-not-implemented-but-external-scripts-loaded-securely", "scoreModifier": -5, "data": { "https://kendo.cdn.telerik.com/2021.1.119/js/kendo.all.min.js": { "crossorigin": null, "integrity": null }, "https://kendo.cdn.telerik.com/2021.1.119/js/kendo.timezones.min.js": { "crossorigin": null, "integrity": null }, "https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.4/gsap.min.js": { "crossorigin": null, "integrity": null }, "https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.4/ScrollTrigger.min.js": { "crossorigin": null, "integrity": null }, "https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.4/ScrollToPlugin.min.js": { "crossorigin": null, "integrity": null } } }, "x-content-type-options": { "expectation": "x-content-type-options-nosniff", "pass": true, "result": "x-content-type-options-nosniff", "scoreModifier": 0, "data": "nosniff" }, "x-frame-options": { "expectation": "x-frame-options-sameorigin-or-deny", "pass": true, "result": "x-frame-options-implemented-via-csp", "scoreModifier": 5, "data": "SAMEORIGIN" }, "cross-origin-resource-policy": { "expectation": "corp-implemented-with-same-site", "pass": true, "result": "corp-not-implemented", "scoreModifier": 0, "data": null, "http": false, "meta": false } } }