Closed alx-a closed 4 years ago
Hi Alex,
Does your setting block external files loading from a chat website like Tawk.to, or Google Fonts, sharing plugins?
I struggle to get an A+ for my site. Thanks for sharing.
Hi Robert! For the A+ you want to bring the externals to a minimum. For example, hosting your own fonts and scripts is usually a must. If you check out the rating for e.g. PayPal, it is only A, so perhaps that rating may be an adequate benchmark :) https://securityheaders.com/?q=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome
Added new Referrer-Policy header required for A rating. Commented on Feature-Policy being required in the future.