Observatory by Mozilla helps websites by teaching developers, system administrators, and security professionals how to configure their sites safely and securely.
Let's take a look at the scores Observatory gives for a fairly straightforward Static Buildpack app, https://2017.keeprubyweird.com.
Test Scores
| Test | Pass | Score | Explanation |
|---|---|---|---|
| Content Security Policy | -25 | Content Security Policy (CSP) header not implemented | |
| Cookies | ― | 0 | No cookies detected |
| Cross-origin Resource Sharing | 0 | Content is not visible via cross-origin resource sharing (CORS) files or headers | |
| HTTP Public Key Pinning | ― | 0 | HTTP Public Key Pinning (HPKP) header not implemented (optional) |
| HTTP Strict Transport... |