I've been working at getting CSP directives set, and I have achieved an A, but have 2 problems remaining. Anything that I put in the Content-Security-Policy field gets attributed to X-Frame options, and when it's blank, I have an error about 2 X-Frame options. Leaving that field blank has added an unsafe-inline directive. Here's 2 pdfs to show you.
Last edit: 2 years 7 months ago by Timeforsmilin. Reason: Pics were too large
Yes, you're right about the Content-Security-Policy: it adds a X-frame header instead the CSP. It will be fixed in the next release.
Leaving that field blank has added an unsafe-inline directive
I have also checked this and I think this happens because you have a previous directive applied. If the field is empty it doesn't add any line. You can try deleting the .htaccess before applyting all your new settings (once saved ).