Open Kenneth-Barber opened 2 years ago
Thanks for filing a bug. Are there specific headers you think BadSSL.com should use? I'm not sure any of these are relevant for us.
I'd like to think that at least X-Frame-Options, Referrer-Policy, and Permissions-Policy are relevant to badssl.com. I know that Strict-Transport-Security will probably not be implemented site-wide since HSTS is one of the scenarios presented on badssl.com.
Hmm, thinking about each of these:
no-referrer
here?
To keep users of badssl.com as safe as possible, please improve badssl.com's Security Headers score as much as possible without violating the intention of or breaking the functionality of badssl.com. https://securityheaders.com/?q=https%3A%2F%2Fbadssl.com%2F