search

Webperf-se / webperf_core

webperf-core is an open-source testing suite tailored to help you improve your digital presence in areas like web performance, security and accessibility to email best practice using many small improvements.
https://webperf.se/articles/webperf-core/
MIT License
19 stars 30 forks source link

SRI not included in review if CSP-ONLY is not set #661

Open 7h3Rabbit opened 5 days ago

7h3Rabbit commented 5 days ago

URL

https://webperf.se

Webperf_core version

lastest

What environment are you running?

Has anyone else reported it already?

Expected Behavior

{"tests": [{"site_id": 0, "type_of_test": 21, "rating": 2.56, "rating_sec": 2.46, "rating_perf": -1.0, "rating_a11y": -1.0, "rating_stand": 5.0, "date": "2024-10-08T13:42:35.532744", "report": "", "report_sec": "- webperf.se, Content Security Policy (CSP) ( 3.93 rating )\r\n- webperf.se, Subresource Integrity (SRI) is required ( 1.00 rating )\r\n", "report_perf": "", "report_a11y": "", "report_stand": "", "data": "{\"visits\": 1, \"webperf.se\": {\"protocols\": [\"HTTP/2\"], \"schemes\": [\"HTTPS\"], \"ip-versions\": [\"IPv4\"], \"transport-layers\": [], \"features\": [\"CSP-HEADER-FOUND\", \"HSTS\", \"HSTS-HEADER-MAXAGE-1YEAR\", \"HSTS-HEADER-MAXAGE-FOUND\", \"HSTS-HEADER-PRELOAD-FOUND\", \"HSTS-HEADER-SUBDOMAINS-FOUND\", \"HTML-FOUND\"], \"csp-findings\": {\"quotes\": [\"'unsafe-inline'|style\", \"'unsafe-inline'|script\", \"'self'|img\"], \"host-sources\": [\"cdn.webperf.se|img\", \"cdn.webperf.se|script\", \"cdn.webperf.se|style\", \"stats.tba.nu|script\", \"cdn.webperf.se|font\", \"stats.tba.nu|connect\"], \"scheme-sources\": [\"https:\", \"data:|img\"], \"font-sources\": []}, \"csp-objects\": {\"default-src\": {\"name\": \"default-src\", \"all\": [\"'self'\", \"cdn.webperf.se\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [], \"subdomains\": [\"cdn.webperf.se\"], \"wildcard-subdomains\": []}, \"base-uri\": {\"name\": \"base-uri\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"script-src\": {\"name\": \"script-src\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"connect-src\": {\"name\": \"connect-src\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"form-action\": {\"name\": \"form-action\", \"all\": [\"'self'\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [], \"subdomains\": [], \"wildcard-subdomains\": []}, \"manifest-src\": {\"name\": \"manifest-src\", \"all\": [\"'self'\", \"data:\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"data:\"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"font-src\": {\"name\": \"font-src\", \"all\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"child-src\": {\"name\": \"child-src\", \"all\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://www.youtube-nocookie.com\](https://www.youtube-nocookie.com/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://www.youtube-nocookie.com\](https://www.youtube-nocookie.com/)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://www.youtube-nocookie.com\](https://www.youtube-nocookie.com/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"frame-src\": {\"name\": \"frame-src\", \"all\": [\"[https://www.youtube-nocookie.com\](https://www.youtube-nocookie.com/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://www.youtube-nocookie.com\](https://www.youtube-nocookie.com/)"], \"schemes\": [\"[https://www.youtube-nocookie.com\](https://www.youtube-nocookie.com/)"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"frame-ancestors\": {\"name\": \"frame-ancestors\", \"all\": [\"'self'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"worker-src\": {\"name\": \"worker-src\", \"all\": [\"'self'\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [], \"subdomains\": [], \"wildcard-subdomains\": []}, \"style-src\": {\"name\": \"style-src\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"img-src\": {\"name\": \"img-src\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"style-src-attr\": {\"name\": \"style-src-attr\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"style-src-elem\": {\"name\": \"style-src-elem\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"script-src-attr\": {\"name\": \"script-src-attr\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"script-src-elem\": {\"name\": \"script-src-elem\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"media-src\": {\"name\": \"media-src\", \"all\": [\"'self'\", \"cdn.webperf.se\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [], \"subdomains\": [\"cdn.webperf.se\"], \"wildcard-subdomains\": []}, \"object-src\": {\"name\": \"object-src\", \"all\": [\"'self'\", \"cdn.webperf.se\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [], \"subdomains\": [\"cdn.webperf.se\"], \"wildcard-subdomains\": []}}, \"sri-findings\": {\"sri-candidates\": [\"<link href=\\\"[https://cdn.webperf.se/2.0/css/bootstrap.min.css\\\](https://cdn.webperf.se/2.0/css/bootstrap.min.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/owl.carousel.min.css\\\](https://cdn.webperf.se/2.0/css/owl.carousel.min.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/owl.theme.default.min.css\\\](https://cdn.webperf.se/2.0/css/owl.theme.default.min.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/style.css\\\](https://cdn.webperf.se/2.0/css/style.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/widgets.css\\\](https://cdn.webperf.se/2.0/css/widgets.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/color-default.css\\\](https://cdn.webperf.se/2.0/css/color-default.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/responsive.css\\\](https://cdn.webperf.se/2.0/css/responsive.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/css/google-fonts.css\\\](https://cdn.webperf.se/css/google-fonts.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/fontello.css\\\](https://cdn.webperf.se/2.0/css/fontello.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/custom.css\\\](https://cdn.webperf.se/2.0/css/custom.css///)" rel=\\\"stylesheet\\\">\", \"<script src=\\\"[https://cdn.webperf.se/2.0/js/jquery-2.2.4.min.js\\\](https://cdn.webperf.se/2.0/js/jquery-2.2.4.min.js///)">\", \"<script src=\\\"[https://cdn.webperf.se/2.0/js/bootstrap.js\\\](https://cdn.webperf.se/2.0/js/bootstrap.js///)">\", \"<script src=\\\"[https://cdn.webperf.se/2.0/js/jquery-scrolltofixed-min.js\\\](https://cdn.webperf.se/2.0/js/jquery-scrolltofixed-min.js///)">\", \"<script src=\\\"[https://cdn.webperf.se/2.0/js/theia-sticky-sidebar.js\\\](https://cdn.webperf.se/2.0/js/theia-sticky-sidebar.js///)">\", \"<script src=\\\"[https://cdn.webperf.se/2.0/js/scripts.js\\\](https://cdn.webperf.se/2.0/js/scripts.js///)">\"]}}, \"cdn.webperf.se\": {\"protocols\": [\"HTTP/2\", \"HTTP/3\"], \"schemes\": [\"HTTPS\"], \"ip-versions\": [\"IPv4\"], \"transport-layers\": [], \"features\": [\"CSP-HEADER-FOUND\"], \"csp-objects\": {\"default-src\": {\"name\": \"default-src\", \"all\": [\"'self'\", \"cdn.webperf.se\", \"webperf.se\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"webperf.se\"], \"schemes\": [], \"subdomains\": [\"cdn.webperf.se\"], \"wildcard-subdomains\": []}, \"base-uri\": {\"name\": \"base-uri\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se\](https://webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se\](https://webperf.se/)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se\](https://webperf.se/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"script-src\": {\"name\": \"script-src\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"frame-ancestors\": {\"name\": \"frame-ancestors\", \"all\": [\"'self'\", \"cdn.webperf.se\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"cdn.webperf.se\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"connect-src\": {\"name\": \"connect-src\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se\](https://webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se\](https://webperf.se/)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se\](https://webperf.se/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"form-action\": {\"name\": \"form-action\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se\](https://webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se\](https://webperf.se/)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se\](https://webperf.se/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"manifest-src\": {\"name\": \"manifest-src\", \"all\": [\"'self'\", \"data:\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"data:\"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"font-src\": {\"name\": \"font-src\", \"all\": [\"'self'\", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"child-src\": {\"name\": \"child-src\", \"all\": [\"'self'\", \"[https://webperf.se\](https://webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se\](https://webperf.se/)"], \"schemes\": [\"[https://webperf.se\](https://webperf.se/)"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"worker-src\": {\"name\": \"worker-src\", \"all\": [\"'self'\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [], \"subdomains\": [], \"wildcard-subdomains\": []}, \"style-src\": {\"name\": \"style-src\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"img-src\": {\"name\": \"img-src\", \"all\": [\"'self'\", \"[https://webperf.se\](https://webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se\](https://webperf.se/)"], \"schemes\": [\"[https://webperf.se\](https://webperf.se/)"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"style-src-attr\": {\"name\": \"style-src-attr\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"style-src-elem\": {\"name\": \"style-src-elem\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"script-src-attr\": {\"name\": \"script-src-attr\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"script-src-elem\": {\"name\": \"script-src-elem\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"frame-src\": {\"name\": \"frame-src\", \"all\": [\"'self'\", \"[https://webperf.se\](https://webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se\](https://webperf.se/)"], \"schemes\": [\"[https://webperf.se\](https://webperf.se/)"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"media-src\": {\"name\": \"media-src\", \"all\": [\"'self'\", \"cdn.webperf.se\", \"webperf.se\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"webperf.se\"], \"schemes\": [], \"subdomains\": [\"cdn.webperf.se\"], \"wildcard-subdomains\": []}, \"object-src\": {\"name\": \"object-src\", \"all\": [\"'self'\", \"cdn.webperf.se\", \"webperf.se\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"webperf.se\"], \"schemes\": [], \"subdomains\": [\"cdn.webperf.se\"], \"wildcard-subdomains\": []}}}, \"stats.tba.nu\": {\"protocols\": [\"HTTP/2\"], \"schemes\": [\"HTTPS\"], \"ip-versions\": [\"IPv4\"], \"transport-layers\": [], \"features\": [\"SRI-COMPLIANT\"]}, \"nof_pages\": 1}"}]}

Actual Behavior.

{"tests": [{"site_id": 0, "type_of_test": 21, "rating": 4.75, "rating_sec": 4.76, "rating_perf": -1.0, "rating_a11y": -1.0, "rating_stand": 4.71, "date": "2024-10-08T13:49:02.239591", "report": "", "report_sec": "- webperf.se, Content Security Policy (CSP) ( 3.93 rating )\r\n- cdn.webperf.se, Only parent HSTS used, child should also use HSTS ( 4.99 rating )\r\n- stats.tba.nu, Is NOT using HSTS ( 1.00 rating )\r\n", "report_perf": "", "report_a11y": "", "report_stand": "- stats.tba.nu, No HTTPv3 support ( 1.00 rating )\r\n- stats.tba.nu, Is NOT using HSTS ( 1.00 rating )\r\n", "data": "{\"visits\": 5, \"webperf.se\": {\"protocols\": [\"HTTP/1.1\", \"HTTP/2\", \"HTTP/3\"], \"schemes\": [\"HTTP\", \"HTTPS\", \"HTTPS-REDIRECT\", \"HTTPS-REDIRECT*\"], \"ip-versions\": [\"IPv4\", \"IPv6*\"], \"transport-layers\": [\"TLSv1.2\", \"TLSv1.3\"], \"features\": [\"CSP-HEADER-FOUND\", \"HSTS\", \"HSTS-HEADER-MAXAGE-1YEAR\", \"HSTS-HEADER-MAXAGE-FOUND\", \"HSTS-HEADER-PRELOAD-FOUND\", \"HSTS-HEADER-SUBDOMAINS-FOUND\", \"HTML-FOUND\", \"SRI-COMPLIANT\"], \"csp-findings\": {\"quotes\": [\"'self'|connect\", \"'self'|img\", \"'unsafe-inline'|script\", \"'unsafe-inline'|style\"], \"host-sources\": [\"cdn.webperf.se|connect\", \"cdn.webperf.se|font\", \"cdn.webperf.se|img\", \"cdn.webperf.se|script\", \"cdn.webperf.se|style\", \"stats.tba.nu|connect\", \"stats.tba.nu|script\"], \"scheme-sources\": [\"data:|img\", \"https:\"], \"font-sources\": []}, \"csp-objects\": {\"default-src\": {\"name\": \"default-src\", \"all\": [\"'self'\", \"cdn.webperf.se\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [], \"subdomains\": [\"cdn.webperf.se\"], \"wildcard-subdomains\": []}, \"base-uri\": {\"name\": \"base-uri\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"script-src\": {\"name\": \"script-src\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"connect-src\": {\"name\": \"connect-src\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"form-action\": {\"name\": \"form-action\", \"all\": [\"'self'\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [], \"subdomains\": [], \"wildcard-subdomains\": []}, \"manifest-src\": {\"name\": \"manifest-src\", \"all\": [\"'self'\", \"data:\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"data:\"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"font-src\": {\"name\": \"font-src\", \"all\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"child-src\": {\"name\": \"child-src\", \"all\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://www.youtube-nocookie.com\](https://www.youtube-nocookie.com/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://www.youtube-nocookie.com\](https://www.youtube-nocookie.com/)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://www.youtube-nocookie.com\](https://www.youtube-nocookie.com/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"frame-src\": {\"name\": \"frame-src\", \"all\": [\"[https://www.youtube-nocookie.com\](https://www.youtube-nocookie.com/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://www.youtube-nocookie.com\](https://www.youtube-nocookie.com/)"], \"schemes\": [\"[https://www.youtube-nocookie.com\](https://www.youtube-nocookie.com/)"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"frame-ancestors\": {\"name\": \"frame-ancestors\", \"all\": [\"'self'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"worker-src\": {\"name\": \"worker-src\", \"all\": [\"'self'\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [], \"subdomains\": [], \"wildcard-subdomains\": []}, \"style-src\": {\"name\": \"style-src\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"img-src\": {\"name\": \"img-src\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"style-src-attr\": {\"name\": \"style-src-attr\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"style-src-elem\": {\"name\": \"style-src-elem\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"script-src-attr\": {\"name\": \"script-src-attr\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"script-src-elem\": {\"name\": \"script-src-elem\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"schemes\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)", \"[https://stats.tba.nu\](https://stats.tba.nu/)"], \"subdomains\": [\"[https://cdn.webperf.se/\](https://cdn.webperf.se//)"], \"wildcard-subdomains\": []}, \"media-src\": {\"name\": \"media-src\", \"all\": [\"'self'\", \"cdn.webperf.se\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [], \"subdomains\": [\"cdn.webperf.se\"], \"wildcard-subdomains\": []}, \"object-src\": {\"name\": \"object-src\", \"all\": [\"'self'\", \"cdn.webperf.se\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [], \"subdomains\": [\"cdn.webperf.se\"], \"wildcard-subdomains\": []}}, \"sri-findings\": {\"sri-candidates\": [\"<link href=\\\"[https://cdn.webperf.se/2.0/css/bootstrap.min.css\\\](https://cdn.webperf.se/2.0/css/bootstrap.min.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/owl.carousel.min.css\\\](https://cdn.webperf.se/2.0/css/owl.carousel.min.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/owl.theme.default.min.css\\\](https://cdn.webperf.se/2.0/css/owl.theme.default.min.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/style.css\\\](https://cdn.webperf.se/2.0/css/style.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/widgets.css\\\](https://cdn.webperf.se/2.0/css/widgets.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/color-default.css\\\](https://cdn.webperf.se/2.0/css/color-default.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/responsive.css\\\](https://cdn.webperf.se/2.0/css/responsive.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/css/google-fonts.css\\\](https://cdn.webperf.se/css/google-fonts.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/fontello.css\\\](https://cdn.webperf.se/2.0/css/fontello.css///)" rel=\\\"stylesheet\\\">\", \"<link href=\\\"[https://cdn.webperf.se/2.0/css/custom.css\\\](https://cdn.webperf.se/2.0/css/custom.css///)" rel=\\\"stylesheet\\\">\", \"<script src=\\\"[https://cdn.webperf.se/2.0/js/jquery-2.2.4.min.js\\\](https://cdn.webperf.se/2.0/js/jquery-2.2.4.min.js///)">\", \"<script src=\\\"[https://cdn.webperf.se/2.0/js/bootstrap.js\\\](https://cdn.webperf.se/2.0/js/bootstrap.js///)">\", \"<script src=\\\"[https://cdn.webperf.se/2.0/js/jquery-scrolltofixed-min.js\\\](https://cdn.webperf.se/2.0/js/jquery-scrolltofixed-min.js///)">\", \"<script src=\\\"[https://cdn.webperf.se/2.0/js/theia-sticky-sidebar.js\\\](https://cdn.webperf.se/2.0/js/theia-sticky-sidebar.js///)">\", \"<script src=\\\"[https://cdn.webperf.se/2.0/js/scripts.js\\\](https://cdn.webperf.se/2.0/js/scripts.js///)">\"]}}, \"cdn.webperf.se\": {\"protocols\": [\"HTTP/1.1\", \"HTTP/2\", \"HTTP/3\"], \"schemes\": [\"HTTPS\"], \"ip-versions\": [\"IPv4\", \"IPv6*\"], \"transport-layers\": [\"TLSv1.2\", \"TLSv1.3\"], \"features\": [\"CSP-HEADER-FOUND\", \"HSTS-HEADER-ON-PARENTDOMAIN-FOUND\"], \"csp-objects\": {\"default-src\": {\"name\": \"default-src\", \"all\": [\"'self'\", \"cdn.webperf.se\", \"webperf.se\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"webperf.se\"], \"schemes\": [], \"subdomains\": [\"cdn.webperf.se\"], \"wildcard-subdomains\": []}, \"base-uri\": {\"name\": \"base-uri\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se\](https://webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se\](https://webperf.se/)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se\](https://webperf.se/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"script-src\": {\"name\": \"script-src\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"frame-ancestors\": {\"name\": \"frame-ancestors\", \"all\": [\"'self'\", \"cdn.webperf.se\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"cdn.webperf.se\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"connect-src\": {\"name\": \"connect-src\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se\](https://webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se\](https://webperf.se/)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se\](https://webperf.se/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"form-action\": {\"name\": \"form-action\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se\](https://webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se\](https://webperf.se/)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se\](https://webperf.se/)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"manifest-src\": {\"name\": \"manifest-src\", \"all\": [\"'self'\", \"data:\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [\"data:\"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"font-src\": {\"name\": \"font-src\", \"all\": [\"'self'\", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"child-src\": {\"name\": \"child-src\", \"all\": [\"'self'\", \"[https://webperf.se\](https://webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se\](https://webperf.se/)"], \"schemes\": [\"[https://webperf.se\](https://webperf.se/)"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"worker-src\": {\"name\": \"worker-src\", \"all\": [\"'self'\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [], \"schemes\": [], \"subdomains\": [], \"wildcard-subdomains\": []}, \"style-src\": {\"name\": \"style-src\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"img-src\": {\"name\": \"img-src\", \"all\": [\"'self'\", \"[https://webperf.se\](https://webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se\](https://webperf.se/)"], \"schemes\": [\"[https://webperf.se\](https://webperf.se/)"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"style-src-attr\": {\"name\": \"style-src-attr\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"style-src-elem\": {\"name\": \"style-src-elem\", \"all\": [\"'self'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"script-src-attr\": {\"name\": \"script-src-attr\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"script-src-elem\": {\"name\": \"script-src-elem\", \"all\": [\"'unsafe-inline'\", \"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se/\](https://webperf.se//)"], \"schemes\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)", \"[https://webperf.se/\](https://webperf.se//)"], \"subdomains\": [\"[https://cdn.webperf.se\](https://cdn.webperf.se/)"], \"wildcard-subdomains\": []}, \"frame-src\": {\"name\": \"frame-src\", \"all\": [\"'self'\", \"[https://webperf.se\](https://webperf.se/)"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"[https://webperf.se\](https://webperf.se/)"], \"schemes\": [\"[https://webperf.se\](https://webperf.se/)"], \"subdomains\": [], \"wildcard-subdomains\": []}, \"media-src\": {\"name\": \"media-src\", \"all\": [\"'self'\", \"cdn.webperf.se\", \"webperf.se\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"webperf.se\"], \"schemes\": [], \"subdomains\": [\"cdn.webperf.se\"], \"wildcard-subdomains\": []}, \"object-src\": {\"name\": \"object-src\", \"all\": [\"'self'\", \"cdn.webperf.se\", \"webperf.se\"], \"malformed\": [], \"hashes\": [], \"nounces\": [], \"wildcards\": [], \"domains\": [\"webperf.se\"], \"schemes\": [], \"subdomains\": [\"cdn.webperf.se\"], \"wildcard-subdomains\": []}}}, \"stats.tba.nu\": {\"protocols\": [\"HTTP/1.1\", \"HTTP/2\"], \"schemes\": [\"HTTPS\"], \"ip-versions\": [\"IPv4\", \"IPv6*\"], \"transport-layers\": [\"TLSv1.2\", \"TLSv1.3\"], \"features\": [\"SRI-COMPLIANT\"]}}"}]}

How to reproduce

python default.py -t 21 -r -i sites.json -o data/testresult-21.json --setting CSP_ONLY=False

Log output

No response

7h3Rabbit commented 1 day ago

Related to issue: https://github.com/sitespeedio/sitespeed.io/issues/4295

7h3Rabbit commented 1 day ago

Just to be clear, there are bugs in our code but the impact are being greater as we can only get markup when we run sitespeed using chrome right now and majority of our tests are using firefox (as chrome can not be limited for what TLS version or HTTP version to use)