<div class="table-responsive">
<table class="table table-striped table-condensed pull-left scan-summary-table">
<tbody><tr>
<th>Test</th>
<th>Pass</th>
<th>Score</th>
<th>Explanation</th>
<th></th>
</tr>
<tr>
<td><a href="https://infosec.mozilla.org/guidelines/web_security#content-security-policy">Content Security Policy</a></td>
<td class="glyphicon glyphicon-remove" id="tests-content-security-policy-pass" aria-hidden="true" aria-label="Fail"></td>
<td id="tests-content-security-policy-score">-25</td>
<td id="tests-content-security-policy-score-description">Content Security Policy (CSP) header not implemented</td>
<td><span class="glyphicon glyphicon-info-sign" data-toggle="popover" title="" data-content="Content Security Policy (CSP) can prevent a wide range of cross-site scripting (XSS) and clickjacking attacks against your website." data-original-title="Content Security Policy"></span></td>
</tr>
<tr>
<td><a href="https://infosec.mozilla.org/guidelines/web_security#cookies">Cookies</a></td>
<td class="glyphicon glyphicon-minus" id="tests-cookies-pass" aria-hidden="true" aria-label="Not Applicable / Optional"></td>
<td id="tests-cookies-score">0</td>
<td id="tests-cookies-score-description">No cookies detected</td>
<td><span class="glyphicon glyphicon-info-sign" data-toggle="popover" title="" data-content="Using cookies attributes such as Secure and HttpOnly can protect users from having their personal information stolen." data-original-title="Cookies"></span></td>
</tr>
<tr>
<td><a href="https://infosec.mozilla.org/guidelines/web_security#cross-origin-resource-sharing">Cross-origin Resource Sharing</a></td>
<td class="glyphicon glyphicon-ok" id="tests-cross-origin-resource-sharing-pass" aria-hidden="true" aria-label="Pass"></td>
<td id="tests-cross-origin-resource-sharing-score">0</td>
<td id="tests-cross-origin-resource-sharing-score-description">Content is not visible via cross-origin resource sharing (CORS) files or headers</td>
<td><span class="glyphicon glyphicon-info-sign" data-toggle="popover" title="" data-content="Incorrectly configured CORS settings can allow foreign sites to read your site's contents, possibly allowing them access to private user information." data-original-title="Cross-origin Resource Sharing"></span></td>
</tr>
<tr>
<td><a href="https://infosec.mozilla.org/guidelines/web_security#http-public-key-pinning">HTTP Public Key Pinning</a></td>
<td class="glyphicon glyphicon-minus" id="tests-public-key-pinning-pass" aria-hidden="true" aria-label="Not Applicable / Optional"></td>
<td id="tests-public-key-pinning-score">0</td>
<td id="tests-public-key-pinning-score-description">HTTP Public Key Pinning (HPKP) header not implemented (optional)</td>
<td><span class="glyphicon glyphicon-info-sign" data-toggle="popover" title="" data-content="HTTP Public Key Pinning (HPKP) binds a site to a specific combination of certificate authorities and/or keys, protecting against the unauthorized issuance of certificates." data-original-title="HTTP Public Key Pinning"></span></td>
</tr>
<tr>
<td><a href="https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security">HTTP Strict Transport Security</a></td>
<td class="glyphicon glyphicon-ok" id="tests-strict-transport-security-pass" aria-hidden="true" aria-label="Pass"></td>
<td id="tests-strict-transport-security-score">0</td>
<td id="tests-strict-transport-security-score-description">HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)</td>
<td><span class="glyphicon glyphicon-info-sign" data-toggle="popover" title="" data-content="HTTP Strict Transport Security (HSTS) instructs web browsers to visit your site only over HTTPS." data-original-title="HTTP Strict Transport Security"></span></td>
</tr>
<tr>
<td><a href="https://infosec.mozilla.org/guidelines/web_security#http-redirections">Redirection</a></td>
<td class="glyphicon glyphicon-ok" id="tests-redirection-pass" aria-hidden="true" aria-label="Pass"></td>
<td id="tests-redirection-score">0</td>
<td id="tests-redirection-score-description">Initial redirection is to HTTPS on same host, final destination is HTTPS</td>
<td><span class="glyphicon glyphicon-info-sign" data-toggle="popover" title="" data-content="Properly configured redirections from HTTP to HTTPS allow browsers to correctly apply HTTP Strict Transport Security (HSTS) settings." data-original-title="Redirection"></span></td>
</tr>
<tr>
<td><a href="https://infosec.mozilla.org/guidelines/web_security#referrer-policy">Referrer Policy</a></td>
<td class="glyphicon glyphicon-minus" id="tests-referrer-policy-pass" aria-hidden="true" aria-label="Not Applicable / Optional"></td>
<td id="tests-referrer-policy-score">0</td>
<td id="tests-referrer-policy-score-description">Referrer-Policy header not implemented (optional)</td>
<td><span class="glyphicon glyphicon-info-sign" data-toggle="popover" title="" data-content="Referrer Policy can protect the privacy of your users by restricting the contents of the HTTP Referer header." data-original-title="Referrer Policy"></span></td>
</tr>
<tr>
<td><a href="https://infosec.mozilla.org/guidelines/web_security#subresource-integrity">Subresource Integrity</a></td>
<td class="glyphicon glyphicon-minus" id="tests-subresource-integrity-pass" aria-hidden="true" aria-label="Not Applicable / Optional"></td>
<td id="tests-subresource-integrity-score">0</td>
<td id="tests-subresource-integrity-score-description">Subresource Integrity (SRI) is not needed since site contains no script tags</td>
<td><span class="glyphicon glyphicon-info-sign" data-toggle="popover" title="" data-content="Subresource Integrity protects against JavaScript files and stylesheets stored on content delivery networks (CDNs) from being maliciously modified." data-original-title="Subresource Integrity"></span></td>
</tr>
<tr>
<td><a href="https://infosec.mozilla.org/guidelines/web_security#x-content-type-options">X-Content-Type-Options</a></td>
<td class="glyphicon glyphicon-remove" id="tests-x-content-type-options-pass" aria-hidden="true" aria-label="Fail"></td>
<td id="tests-x-content-type-options-score">-5</td>
<td id="tests-x-content-type-options-score-description">X-Content-Type-Options header not implemented</td>
<td><span class="glyphicon glyphicon-info-sign" data-toggle="popover" title="" data-content="X-Content-Type-Options instructs browsers to not guess the MIME types of files that the web server is delivering." data-original-title="X-Content-Type-Options"></span></td>
</tr>
<tr>
<td><a href="https://infosec.mozilla.org/guidelines/web_security#x-frame-options">X-Frame-Options</a></td>
<td class="glyphicon glyphicon-remove" id="tests-x-frame-options-pass" aria-hidden="true" aria-label="Fail"></td>
<td id="tests-x-frame-options-score">-20</td>
<td id="tests-x-frame-options-score-description">X-Frame-Options (XFO) header not implemented</td>
<td><span class="glyphicon glyphicon-info-sign" data-toggle="popover" title="" data-content="X-Frame-Options controls whether your site can be framed, protecting against clickjacking attacks. It has been superseded by Content Security Policy's <code>frame-ancestors</code> directive, but should still be used for now." data-original-title="X-Frame-Options"></span></td>
</tr>
<tr>
<td><a href="https://infosec.mozilla.org/guidelines/web_security#x-xss-protection">X-XSS-Protection</a></td>
<td class="glyphicon glyphicon-remove" id="tests-x-xss-protection-pass" aria-hidden="true" aria-label="Fail"></td>
<td id="tests-x-xss-protection-score">-10</td>
<td id="tests-x-xss-protection-score-description">X-XSS-Protection header not implemented</td>
<td><span class="glyphicon glyphicon-info-sign" data-toggle="popover" title="" data-content="X-XSS-Protection protects against reflected cross-site scripting (XSS) attacks in IE and Chrome, but has been superseded by Content Security Policy. It can still be used to protect users of older web browsers." data-original-title="X-XSS-Protection"></span></td>
</tr>
</tbody></table>
</div>