observatory.mozilla.org site security analysis: what an A+ score requires

Content Security Policy: a Content Security Policy (CSP) header is implemented.
Cookies: all cookies use the Secure flag, session cookies use the HttpOnly flag, and cross-origin restrictions are in place via the SameSite flag.
Cross-origin Resource Sharing: content is not exposed via cross-origin resource sharing (CORS) files or headers.
HTTP Strict Transport Security: the site is preloaded via the HTTP Strict Transport Security (HSTS) preloading process.
Redirection: all hosts redirect to HTTPS, as required for the HSTS preload list.
Referrer Policy: the Referrer-Policy header is set to "no-referrer", "same-origin", "strict-origin" or "strict-origin-when-cross-origin".
Subresource Integrity: Subresource Integrity (SRI) is implemented.
X-Content-Type-Options: the X-Content-Type-Options header is set to "nosniff".
X-Frame-Options: the X-Frame-Options (XFO) header is set to SAMEORIGIN or DENY.
X-XSS-Protection: the deprecated X-XSS-Protection header is implemented.
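The checklist above can be turned into an offline audit of a captured response's headers. The following is an added example, not Observatory's own scanner or scoring: it applies the header, cookie and CORS conditions as simple pass/fail findings, the `WEAK` and `HARDENED` header sets are constructed sample data, and the SRI, preload-list and redirection checks are left out because they need more than one response to evaluate.

```python
from http.cookies import SimpleCookie

# Referrer-Policy values the checklist accepts.
SAFE_REFERRER = {"no-referrer", "same-origin", "strict-origin",
                 "strict-origin-when-cross-origin"}


def check_cookie(set_cookie):
    """Findings for one Set-Cookie value: Secure on every cookie,
    HttpOnly on session cookies (no Expires/Max-Age), SameSite on all."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    findings = []
    for name, m in jar.items():
        if not m["secure"]:
            findings.append(f"cookie {name}: missing Secure")
        is_session = not m["expires"] and not m["max-age"]
        if is_session and not m["httponly"]:
            findings.append(f"cookie {name}: session cookie missing HttpOnly")
        if m["samesite"].lower() not in ("lax", "strict"):
            findings.append(f"cookie {name}: missing SameSite=Lax/Strict")
    return findings


def audit_headers(headers):
    """Return a list of findings; an empty list means every check passed.
    `headers` maps header names to a string, or a list for Set-Cookie."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if "content-security-policy" not in h:
        findings.append("Content-Security-Policy header missing")
    if "max-age=" not in h.get("strict-transport-security", "").lower():
        findings.append("Strict-Transport-Security header missing")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if h.get("x-frame-options", "").upper() not in ("SAMEORIGIN", "DENY"):
        findings.append("X-Frame-Options is not SAMEORIGIN or DENY")
    if h.get("referrer-policy", "").lower() not in SAFE_REFERRER:
        findings.append("Referrer-Policy is not a strict value")
    if h.get("access-control-allow-origin", "").strip() == "*":
        findings.append("CORS exposes content to any origin")
    for sc in h.get("set-cookie", []):
        findings.extend(check_cookie(sc))
    return findings


# Constructed sample responses: a bare default and a hardened one.
WEAK = {"Content-Type": "text/html", "Access-Control-Allow-Origin": "*",
        "Set-Cookie": ["sessionid=abc123; Path=/"]}
HARDENED = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Set-Cookie": ["sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"]}
```

Running `audit_headers(WEAK)` lists nine findings, one per failed check; `audit_headers(HARDENED)` returns an empty list.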