MDN tool that tells you of security gaps in your website
The website features the HTTP Observatory tool for free website scanning, real-time AI help, resources for web developers, browser compatibility updates, and a community forum. It aims to enhance internet experiences.
Read original articleThe website offers a tool called HTTP Observatory that allows users to scan a website for free. The tool provides insights and information related to the security and performance of the scanned website. Users can access real-time assistance and support through an AI help feature available on the website. Additionally, the site offers resources and guides for web developers to enhance their skills in areas such as HTML, CSS, JavaScript, and accessibility. Visitors can also find browser compatibility updates, documentation, and frequently asked questions about the services provided. The platform aims to support developers in creating a better internet experience by offering tools, resources, and a community forum for discussion and collaboration.
Related
Show HN: I made tool that let's you see everything about any website
Web-Check is a free tool by Alicia Sykes, offering website details through URL scans. It requires JavaScript activation. Licensed under MIT, it aids users with website insights.
Show HN: SaaS Surf – Curated tools for makers that are off the hook
SaaS Surf offers curated tools, resources, and lifetime deals for developers, designers, and entrepreneurs. It features products like Snitcher and Sitechecker for developers, Pixelfree Studio for designers, and discounted lifetime deals. The platform aims to be a comprehensive SaaS solution.
Argos Panoptès – An open source monitoring and status board for websites
Argos is a website monitoring tool with external check testing and notification features. It operates on a Server-Agent architecture, allowing extensibility through Python checks. Developed by Alexis Métaireau under Framasoft, it offers a web interface and HTTP API for accessing results.
Mozilla has relaunched HTTP Observatory under MDN
The HTTP Observatory on MDN Web Docs provides a free tool to scan websites for HTTP header security, aiding developers in assessing and enhancing website security to protect against threats.
Show HN: Clockech − The analytics platform for modern websites
Clockech is an analytics platform for modern websites, focusing on intuitive analytics, real-time insights, and data security. It prioritizes user privacy, data governance, disaster recovery, and simplifying web analytics for businesses.
Content Security Policy (CSP) −25
X-Content-Type-Options −5
X-Frame-Options −20
Yet it's just a simple static website without scripts, cookies or any other dynamic content. If you need to specficy whatever random heades WHATWG comes up with each year for a static site to be secure then the problem is the browser not the website.
X-Content-Type-Options is in particular is 100% about browsers ignoring the spec and then making you set another header asking them to please reconsider.
Referer is another thing that should be 100% fixed on the browser side instead of each website asking the browser to please not leak information to other websites.
Then when you look at the scoring criteria [0] you see it even avards bonus points for setting cookies and using scripts as long as you do it in the currently fashionable way comapared to not using cookies/scripts at all. This is absolutely the wrong way around.
[0] https://developer.mozilla.org/en-US/observatory/docs/tests_a...
Edit: Figured I should point out that the old one had TLS and SSH stuff also, and the URL was https://observatory.mozilla.org.
Related
Show HN: I made tool that let's you see everything about any website
Web-Check is a free tool by Alicia Sykes, offering website details through URL scans. It requires JavaScript activation. Licensed under MIT, it aids users with website insights.
Show HN: SaaS Surf – Curated tools for makers that are off the hook
SaaS Surf offers curated tools, resources, and lifetime deals for developers, designers, and entrepreneurs. It features products like Snitcher and Sitechecker for developers, Pixelfree Studio for designers, and discounted lifetime deals. The platform aims to be a comprehensive SaaS solution.
Argos Panoptès – An open source monitoring and status board for websites
Argos is a website monitoring tool with external check testing and notification features. It operates on a Server-Agent architecture, allowing extensibility through Python checks. Developed by Alexis Métaireau under Framasoft, it offers a web interface and HTTP API for accessing results.
Mozilla has relaunched HTTP Observatory under MDN
The HTTP Observatory on MDN Web Docs provides a free tool to scan websites for HTTP header security, aiding developers in assessing and enhancing website security to protect against threats.
Show HN: Clockech − The analytics platform for modern websites
Clockech is an analytics platform for modern websites, focusing on intuitive analytics, real-time insights, and data security. It prioritizes user privacy, data governance, disaster recovery, and simplifying web analytics for businesses.