Hello!
I submitted my website to be re-analyzed and while the website screenshots were updated, it was still deemed dangerous. I have fixed the CSP for my HTTPS and HTML header to use hashes. There is no input form available on my website. There should be no way for malicious code to be implemented into the website by others, to the best of my knowledge. I've included the immuniweb scan of my last security test. Since then I've changed the filler nonce-values to hashes. For some reason Wapiti says I don't have X-XSS protection but I do, through cloudflare.