As http://kkkkkkkkkk63ava6.onion/wiki/Whonix:Privacy_policy is locked from editing, please add to the “Technical Information” table →
HTTP Headers & Content Security
Then (in red):
D Rating. Analyse your HTTP response headers Content Security Policy is not enacted, X-Content-Type-Options are vulnerable to MIME-sniffing, and Referrer Policy is not set.
Also suggest adding to the table →
Then (in yellow or red):
The server header is advertising the software being run on the server. Analyse your HTTP response headers
Maybe change HSTS to yellow also due to Mozilla Observatory not liking the strict transport security settings (but not specifying why).
Transparency with users and all that. Right now the table makes it look like everything is fine and dandy, when it isn’t.