These recommendations are from a web scanning tool called Webbkoll:
HTTP Strict Transport Security (HSTS) not implemented.
- Add HTTP Header: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content Security Policy (CSP) header not implemented.
- Add HTTP Header: Content-Security-Policy: default-src 'self'
Referrer Policy set to strict-origin-when-cross-origin in Referrer-Policy HTTP header.
- Add HTTP Header: Referrer-Policy: no-referrer
Subresource Integrity (SRI) not implemented, but all external resources are loaded over HTTPS
- SRI can be used with script and link elements. To enable SRI on an element, you need to add integrity and crossorigin attributes to it.
These recommendations are from a web scanning tool called Webbkoll:
HTTP Strict Transport Security (HSTS) not implemented.
Content Security Policy (CSP) header not implemented.
Referrer Policy set to strict-origin-when-cross-origin in Referrer-Policy HTTP header.
Subresource Integrity (SRI) not implemented, but all external resources are loaded over HTTPS