They both test somewhat different metrics, so Rubenerd got an A+ from Qualys, but only a B+ from Mozilla. The great thing is they each offer suggestions, so I was able to get to an A+ with just a few changes.
My only caveat was this listed failure on the Mozilla Observatory:
Blocks inline styles by not allowing ‘unsafe-inline’ inside style-src
I can see how removing inline styles would offer security benefits, but we’ve had it drummed into us for years that HTML
height attributes are depracated in favour of CSS. It’s infeasible for most sites to store sizes for every single image in a remote CSS file.