Scoring
SSL Labs
Mozilla Observatory
Additional Score Commentary:
Mozilla Observatory
Current CSP requires the use of unsafe-inline in style-src.
Current CSP requires the use of unsafe-inline in script-src.
The relevant issue can be found at https://github.com/jellyfin/jellyfin/issues/1885
This scores a -20 in Mozilla Observatory.