My website has an “F” rating on Mozilla Observatory – should I be worried?

This is not only a simple HTML website; I also host my email under this domain. A personal homepage, nothing work-related. All services were provided by the webhost.

The failed tests:

Content Security Policy (CSP) header not implemented

HTTP Strict Transport Security (HSTS) header not implemented

Does not redirect to an HTTPS site

X-Content-Type-Options header not implemented

X-Frame-Options (XFO) header not implemented

X-XSS-Protection header not implemented

Is this the level of security I can expect from a well-known webhosting service in my country? Is it viable for a motivated attacker to access my email (and potentially take over)?

I could have fixed at least the HTTPS-redirection myself, but I'd prefer that the hosting company sets a basic level of security for all customers.

Touch here for the full post on Network Security Noblemen tumblr
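
As an added example (not part of the original post, and not Mozilla Observatory's own scoring logic), the six failed tests listed in the question can be approximated as simple checks over a site's response headers. The function name `failed_checks` and both sample header sets are constructed for illustration.

```python
import re

# Constructed sample: headers from a hypothetical host that sets none of them.
BARE = {"Content-Type": "text/html", "Server": "Apache"}

# Constructed sample: the same response with the six listed items addressed.
HARDENED = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "X-XSS-Protection": "0",
}

def failed_checks(headers, http_redirect_location=None):
    """Return the listed checks that this HTTPS response does not satisfy."""
    # http_redirect_location: Location header sent for the plain-HTTP request,
    # or None when the HTTP site answers without redirecting.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    failed = []

    csp = h.get("content-security-policy", "")
    if not csp:
        failed.append("CSP")

    # HSTS only counts with a positive max-age; max-age=0 switches it off.
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) == 0:
        failed.append("HSTS")

    if not (http_redirect_location or "").lower().startswith("https://"):
        failed.append("HTTPS redirect")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        failed.append("X-Content-Type-Options")

    # Framing is restricted by XFO or by a CSP frame-ancestors directive.
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp.lower():
        failed.append("X-Frame-Options")

    # Presence only: current Chrome and Firefox ignore this header.
    if "x-xss-protection" not in h:
        failed.append("X-XSS-Protection")
    return failed
```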
