We’ve got SecureScoreCard auditing our domains and websites and we’re getting a lot of failures on the forwarding URLs we’ve got set up in Cloudflare.
Below are some of the items we’re failing. Most of them seem to be missing headers. It seems like this would be the redirect at Cloudflare missing the headers. Is there a way to get these passing?
- Content Security Policy (CSP) Missing
- The HTTP site redirects users to a new URL in a way that cannot be secured with HTTPS and HSTS headers.
- Website Does Not Implement HSTS Best Practices
- Redirect Chain Contains HTTP
- Website does not implement X-Frame-Options Best Practices
- Website does not implement X-XSS-Protection Best Practices
- Website does not implement X-Content-Type-Options Best Practices
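
To reproduce findings like the ones listed above against a recorded redirect chain, here is an added example that is not part of the original post. The check logic is an assumption about what each finding means, not the scanner's own rules, and the hosts, header values and chains are constructed placeholders.

```python
from urllib.parse import urljoin, urlsplit

# Response headers named in the findings above, lower-cased for comparison.
REQUIRED = ("content-security-policy", "x-frame-options",
            "x-xss-protection", "x-content-type-options")

def audit_chain(hops):
    """hops: list of (url, status, headers) in the order they were followed.
    Returns (url, finding) tuples. Presence checks only; values are not graded."""
    findings = []
    for url, status, headers in hops:
        h = {k.lower(): v for k, v in headers.items()}
        u = urlsplit(url)
        if u.scheme == "http":
            findings.append((url, "plain-HTTP hop in chain"))
            # An HTTP hop that redirects straight to another host never lets
            # this host upgrade to HTTPS and deliver its own HSTS header.
            if 300 <= status < 400 and "location" in h:
                target = urlsplit(urljoin(url, h["location"]))
                if target.hostname != u.hostname:
                    findings.append((url, "HTTP redirect changes host before HTTPS"))
        elif "strict-transport-security" not in h:
            # HSTS only counts when it is delivered over HTTPS.
            findings.append((url, "missing strict-transport-security"))
        findings += [(url, "missing " + n) for n in REQUIRED if n not in h]
    return findings

# Constructed sample data; example.com / example.org are placeholder hosts.
SEC = {"Content-Security-Policy": "default-src 'self'", "X-Frame-Options": "DENY",
       "X-XSS-Protection": "0", "X-Content-Type-Options": "nosniff"}
HSTS = {"Strict-Transport-Security": "max-age=31536000"}
FORWARD_ONLY = [  # bare forwarding rule: HTTP jumps directly to the new host
    ("http://example.com/", 301, {"Location": "https://www.example.org/"}),
    ("https://www.example.org/", 200, {**SEC, **HSTS}),
]
UPGRADE_FIRST = [  # same-host HTTPS upgrade first, then the cross-host redirect
    ("http://example.com/", 301, {**SEC, "Location": "https://example.com/"}),
    ("https://example.com/", 301, {**SEC, **HSTS, "Location": "https://www.example.org/"}),
    ("https://www.example.org/", 200, {**SEC, **HSTS}),
]

if __name__ == "__main__":
    for name, chain in (("forward-only", FORWARD_ONLY), ("upgrade-first", UPGRADE_FIRST)):
        print(name)
        for url, finding in audit_chain(chain):
            print("  ", url, "->", finding)
```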