~/tools / security-headers
Security Headers Checker
Scan HTTP security headers. Grades HSTS, CSP, X-Frame-Options and others, with explanations of what each header protects.
[ WARNING ]
Below average (45/100) — missing: CSP, X-Content-Type-Options, Referrer-Policy
── output ─────
45
security_score
HTTP 200 · https://www.france24.com/en/
Strict-Transport-Security (HSTS)
[ STRONG ]
// Forces HTTPS for all connections. Prevents downgrade attacks.
max-age=15768000
Content-Security-Policy (CSP)
[ MISSING ]
// Defines which sources of scripts/styles/images are allowed. Prevents XSS.
// missing — add this header to improve security
X-Frame-Options
[ STRONG ]
// Prevents clickjacking by blocking iframe embedding from other origins.
DENY
X-Content-Type-Options
[ MISSING ]
// Prevents MIME sniffing. Should be 'nosniff'.
// missing — add this header to improve security
Referrer-Policy
[ MISSING ]
// Controls how much referrer info is leaked when navigating away.
// missing — add this header to improve security
Permissions-Policy
[ PRESENT ]
// Restricts which browser features (camera, mic, etc.) the page can use.
browsing-topics=*, ch-save-data=(self "https://s.france24.com" "https://static.france24.com"), ch-ect=(self "https://s.france24.com" "https://static.france24.com"), ch-viewport-width=(self "https://s.france24.com" "https://static.france24.com"), ch-width=(self "https://s.france24.com" "https://static.france24.com"), ch-dpr=(self "https://s.france24.com" "https://static.france24.com")