# Scoring

## SSL Labs
![alt text](./scoring/SSL_Labs.png?raw=true)

## Mozilla Observatory
![alt text](./scoring/Mozilla_Observatory.png?raw=true)

# Additional Score Commentary:

## Mozilla Observatory
Current CSP requires the use of unsafe-eval and unsafe-inline for script-src.
Current CSP requires the use of unsafe-inline for style-src.
The relevant issue can be found at: https://github.com/go-gitea/gitea/issues/305