See Tracker SSL results.

We are being disconnected via disconnect extension from -gstatic.com, -google-analytics.com & vimeo.com
85% of the trackers on this site could be protecting you from NSA snooping. Tell kali.org to fix it.
Only tracking by mustbebuilt.co.uk goes unprotected - because of my bw profiler extension.
local.adguad.com could communicate securely if the website had been secure.
SPOF detection: Possible Frontend SPOF from:

fonts.googleapis.com - Whitelist
(84%) -
(84%) - <link rel=‘stylesheet’ id=‘us-font-2-css’ -href=‘-https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400italic%2C700%2C700italic&subset=latin&ver=4.3.1’ type=‘text/css’ media=‘all’ />

AOS alerts for 1 tracking system. DrWeb of web analytics blocked - Ghostery flags google-analytics here.

Security settings: -transport-security max-age=15552000 Secure
x-frame-options sameorigin, sameorigin Insecure
x-content-type-options nosniff Secure
x-xss-protection 1; mode=block Secure
content-security-policy Header not returned Insecure
cache-control Header not returned Insecure
access-control-allow-origin Header not returned Secure

See the re-write for HTTPS Everywhere in the Atlas here: https://www.eff.org/https-everywhere/atlas/domains/kali.org.html
PFS supported. http://toolbar.netcraft.com/site_report?url=https://www.kali.org
Secured via Sucuri Cloudproxy - but there is still some reason for improvements.

See: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.kali.org%2F

polonus