{"grade":"A","gradeCapReason":"Grade capped at A because the Content-Security-Policy contains 'unsafe-inline' and 'unsafe-eval' in the script-src directive. These directives are dangerous and prevent an A+.","gradeCapped":true,"headersMissing":[],"headersPresent":["Strict-Transport-Security","Content-Security-Policy","X-Frame-Options","X-Content-Type-Options","Referrer-Policy","Permissions-Policy"],"myssl":{"advanced":["Cross-Origin-Opener-Policy","Cross-Origin-Embedder-Policy","Cross-Origin-Resource-Policy","X-XSS-Protection","X-Permitted-Cross-Domain-Policies","Cache-Control"],"deeper_score":93,"docs":"https://myssl.info/security-headers/api","https_redirect":true,"note":"Anonymous tier is for occasional checks. Register for higher limits, scheduled monitoring and grade-drop alerts.","report_url":"https://myssl.info/security-headers","summary":"Great \u2014 all core security headers are present. Grade capped at A: the Content-Security-Policy contains 'unsafe-inline' and 'unsafe-eval' in the script-src directive. These directives are dangerous and prevent an A+."},"rawHeaders":{"Connection":"keep-alive","Content-Encoding":"gzip","Content-Security-Policy":"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.tailwindcss.com https://www.googletagmanager.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://unpkg.com https://www.clarity.ms https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' data: https: blob:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://*.analytics.google.com https://pagead2.googlesyndication.com https://www.clarity.ms https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com; worker-src 'self' blob:; frame-ancestors 'none'; base-uri 'self'; form-action 'self';","Content-Type":"text/html; charset=utf-8","Date":"Fri, 26 Jun 2026 07:50:35 GMT","Permissions-Policy":"accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()","Referrer-Policy":"strict-origin-when-cross-origin","Retry-After":"983","Server":"nginx","Strict-Transport-Security":"max-age=31536000; includeSubDomains; preload","Transfer-Encoding":"chunked","Vary":"Cookie","X-Content-Type-Options":"nosniff","X-Frame-Options":"DENY","X-Permitted-Cross-Domain-Policies":"none","X-RateLimit-Limit":"100","X-RateLimit-Remaining":"97","X-RateLimit-Reset":"1782461219","X-XSS-Protection":"1; mode=block"},"score":90,"summary":{"finalUrl":"https://myssl.info","grade":"A","headers":{"content-security-policy":"amber","permissions-policy":"green","referrer-policy":"green","strict-transport-security":"green","x-content-type-options":"green","x-frame-options":"green"},"site":"myssl.info","timestamp":"2026-06-26T07:50:36.054331"},"testsFailed":0,"testsPassed":6,"testsQuantity":6,"upcomingHeaders":[{"description":"Spectre-class side-channel attacks via cross-origin embeds.","header":"Cross-Origin-Embedder-Policy","present":false},{"description":"Cross-origin side-channel attacks (Spectre) and tabnabbing via window.opener.","header":"Cross-Origin-Opener-Policy","present":false},{"description":"Cross-origin resource theft, Spectre-style leaks via cached responses.","header":"Cross-Origin-Resource-Policy","present":false}],"warnings":["Content-Security-Policy contains 'unsafe-inline' in the script-src directive, which is dangerous and undermines most of the protection the policy would otherwise provide against XSS.","Content-Security-Policy contains 'unsafe-eval' in the script-src directive, which is dangerous and permits eval()-based script injection."]}