api.shipit.staging.mozilla-releng.net has failed the web security baseline

[moz-hwine]

Site https://api.shipit.staging.mozilla-releng.net has failed the web security baseline scan.

The failing tests are:

Strict-Transport-Security Header Not Set [10035] x 3

• https://api.shipit.staging.mozilla-releng.net/ (403 Forbidden)
• https://api.shipit.staging.mozilla-releng.net/robots.txt (403 Forbidden)

• https://api.shipit.staging.mozilla-releng.net/sitemap.xml (403 Forbidden)

  Content Security Policy (CSP) Header Not Set [10038] x 3

• https://api.shipit.staging.mozilla-releng.net/ (403 Forbidden)
• https://api.shipit.staging.mozilla-releng.net/robots.txt (403 Forbidden)
• https://api.shipit.staging.mozilla-releng.net/sitemap.xml (403 Forbidden)

This issue was automatically raised.

This issue is managed automatically by the baseline scan:

• If the failing tests change then it will be updated
• If it is closed before the tests pass then a new one will be opened
• When all of the tests pass then it will be closed

Full details, including how to test for these issues locally, can be found on this Security Baseline Service dashboard. If you have any questions or concerns please get in contact with @psiinon

[oremj]

Does this scanner have a static IP? We will need to whitelist it. This is protected by cloudarmor.

[moz-hwine]

The following test(s) for site https://api.shipit.staging.mozilla-releng.net have now passed:

• Content Security Policy (CSP) Header Not Set

Keep up the good work!

[moz-hwine]

The web security baseline scan results for site https://api.shipit.staging.mozilla-releng.net has new failures:

Content Security Policy (CSP) Header Not Set [10038] x 3

• https://api.shipit.staging.mozilla-releng.net/ (403 Forbidden)
• https://api.shipit.staging.mozilla-releng.net/robots.txt (403 Forbidden)
• https://api.shipit.staging.mozilla-releng.net/sitemap.xml (403 Forbidden)