Getting an A+ score at Mozilla Observatory

What is Mozilla Observatory?

The Mozilla Foundation's Mozilla Observatory is a free online tool for assessing a website's security and privacy settings. Its goal is to make finding security and privacy problems on websites easier.

The Observatory is an automatic tool that performs scans of websites and generates a report with extensive details about the website's privacy and security. The report provides a security score that quantifies the state of the website's security. Information on the website's security and privacy settings, such as whether or not it employs HTTPS & HSTS, the strength of its encryption, and whether or not it uses secure cookies, is also included in the report.

The Observatory also details the website's security and privacy measures, such as whether or not it employs secure headers and content security standards.

When it comes to protecting users' personal information and financial data, the Observatory is an invaluable resource. Head here to learn more about your website's security and privacy.

How to achieve an A+ score on Mozilla Observatory (Apache)?

You can add the following lines to your Apache configuration file (usually under /etc/apache2/sites-available):

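<IfModule mod_headers.c>

    # Append HttpOnly, Secure and SameSite=None to every cookie. SameSite=None still
    # sends cookies on cross-site requests; use Lax or Strict unless you need that.
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None
    # The nonce must be a fresh random value on every response and must match the
    # nonce attribute on your script tags; 'nonce-rAnd0m123' is only a placeholder.
    Header set Content-Security-Policy "default-src 'none'; form-action 'self'; frame-ancestors 'self' ; object-src 'none'; script-src 'strict-dynamic' 'nonce-rAnd0m123' 'unsafe-inline' http: https: ; base-uri 'self' ; require-trusted-types-for 'script';"
    # Force HTTPS for two years (max-age is in seconds).
    Header set Strict-Transport-Security: max-age=63072000
    # Disable MIME sniffing and allow framing only by the same origin.
    Header set X-Content-Type-Options: nosniff
    Header set X-Frame-Options: SAMEORIGIN
    Header set X-XSS-Protection: "1; mode=block"
    # Send the Referer header only on same-origin requests.
    Header set Referrer-Policy: same-origin

</IfModule>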

This will give you a score of 125/100, which results in an A+ score.
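The score does not show everything about what these headers do, so the following added example (not part of the original article) audits two responses from the same site and reports weak settings, including a CSP nonce that repeats between responses. The sample cookie, the finding names and the six-month HSTS threshold are assumptions made for this example.

```python
import re
# Constructed sample: the response headers this audit reads, as sent by the
# configuration above. The cookie name and value are made up.
PAGE_HEADERS = {
    "set-cookie": "session=abc123;HttpOnly;Secure;SameSite=None",
    "content-security-policy": (
        "default-src 'none'; form-action 'self'; frame-ancestors 'self' ; "
        "object-src 'none'; script-src 'strict-dynamic' 'nonce-rAnd0m123' "
        "'unsafe-inline' http: https: ; base-uri 'self' ; "
        "require-trusted-types-for 'script';"),
    "strict-transport-security": "max-age=63072000",
    "x-content-type-options": "nosniff",
    "x-frame-options": "SAMEORIGIN",
}
SIX_MONTHS = 15768000  # assumed minimum acceptable HSTS max-age, in seconds

def parse_csp(value):
    """Split a CSP header into {directive: [sources]}; the first duplicate wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def nonces(headers):
    """Return the set of nonce values listed in script-src."""
    csp = parse_csp(headers.get("content-security-policy", ""))
    return {s[7:-1] for s in csp.get("script-src", []) if s.startswith("'nonce-")}

def audit(first, second):
    """Audit two responses from one site (dicts with lower-case header names)."""
    findings = []
    hsts = re.search(r"max-age=(\d+)", first.get("strict-transport-security", ""), re.I)
    if not hsts or int(hsts.group(1)) < SIX_MONTHS:
        findings.append("hsts-missing-or-short")
    if first.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("nosniff-missing")
    if "set-cookie" in first:
        attrs = {a.strip().lower() for a in first["set-cookie"].split(";")[1:]}
        findings += ["cookie-missing-" + f for f in ("httponly", "secure") if f not in attrs]
        if "samesite=none" in attrs:  # cookie still travels on cross-site requests
            findings.append("cookie-samesite-none")
    csp = parse_csp(first.get("content-security-policy", ""))
    if "frame-ancestors" not in csp and "x-frame-options" not in first:
        findings.append("framing-unrestricted")
    if nonces(first) & nonces(second):  # a nonce must never repeat across responses
        findings.append("csp-nonce-reused")
    return findings
```

Calling audit(PAGE_HEADERS, PAGE_HEADERS) models two responses served with the static configuration and returns the SameSite=None and nonce-reuse findings.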

Summary

Mozilla Observatory is a free online tool for assessing a website's security and privacy settings, providing a security score and details on security and privacy measures. You can quickly secure your websites by adding some lines to your configuration file.