Sambarcando and Anna.info website technical test: Difference between pages
(Difference between pages)
Created page with "https://www.youtube.com/watch?v=Kp_Mcwh3lOo" |
No edit summary |
||
| Line 1: | Line 1: | ||
https://www. | ==Links== | ||
*https://www.ssllabs.com/ssltest/analyze.html?d=anna.info | |||
** A+ (Certificate 100, Protocal Support 100, Key Exchange 100, Cipher Strength 100) | |||
** This site works only in browsers with SNI support. | |||
*https://tls.imirhil.fr/https/anna.info | |||
** A (Protocol 60, Key exchange 100, Cipher 90, Overall 84.0) | |||
*https://securityheaders.io/?followRedirects=on&hide=on&q=anna.info | |||
** A | |||
*[[Test by hstspreload.appspot.com]] https://hstspreload.appspot.com/?domain=anna.info | |||
** Status: anna.info is not preloaded. | |||
*https://observatory.mozilla.org/analyze.html?host=anna.info | |||
** A+; Score: 100/100, Tests Passed: 10/10 | |||
** Note: One can get a score higher than 100, e.g. | |||
*** +5 Content Security Policy - if no unsafe-inline is present, anna.info having "Content Security Policy (CSP) implemented with 'unsafe-inline' inside style-src" gets 0 for "Content Security Policy" | |||
*** +5 HTTP Strict Transport Security - if preload is present | |||
*https://www.google.com/webmasters/tools/mobile-friendly/?url=https%3A%2F%2Fanna.info%2F | |||
**Awesome! This page is mobile-friendly. | |||
*https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fanna.info%2F | |||
**mobile 100 / 100 Speed, 100 / 100 User Experience; desktop 100 / 100 Suggestions Summary | |||
==Issues== | |||
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' | |||
The "style-src 'unsafe-inline'" prevents getting +5 points. Inline CSS is used | |||
*for getting 100/100 on Goolge speed test, which does not seem to be possible with external CSS | |||
*to to CSS marking in MediaWiki, e.g. cells in tables | |||
==Other== | |||
*https://www.heise.de/forum/heise-online/News-Kommentare/heise-online-HTTPS-auch-fuer-Mobilgeraete/X-XSS-Protection-X-Content-Type-Options-Content-Security-Policy-nicht-vergessen/posting-29747747/show/ | |||
Revision as of 2018-02-20T16:16:33
Links
- https://www.ssllabs.com/ssltest/analyze.html?d=anna.info
- A+ (Certificate 100, Protocal Support 100, Key Exchange 100, Cipher Strength 100)
- This site works only in browsers with SNI support.
- https://tls.imirhil.fr/https/anna.info
- A (Protocol 60, Key exchange 100, Cipher 90, Overall 84.0)
- https://securityheaders.io/?followRedirects=on&hide=on&q=anna.info
- A
- Test by hstspreload.appspot.com https://hstspreload.appspot.com/?domain=anna.info
- Status: anna.info is not preloaded.
- https://observatory.mozilla.org/analyze.html?host=anna.info
- A+; Score: 100/100, Tests Passed: 10/10
- Note: One can get a score higher than 100, e.g.
- +5 Content Security Policy - if no unsafe-inline is present, anna.info having "Content Security Policy (CSP) implemented with 'unsafe-inline' inside style-src" gets 0 for "Content Security Policy"
- +5 HTTP Strict Transport Security - if preload is present
- https://www.google.com/webmasters/tools/mobile-friendly/?url=https%3A%2F%2Fanna.info%2F
- Awesome! This page is mobile-friendly.
- https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fanna.info%2F
- mobile 100 / 100 Speed, 100 / 100 User Experience; desktop 100 / 100 Suggestions Summary
Issues
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'
The "style-src 'unsafe-inline'" prevents getting +5 points. Inline CSS is used
- for getting 100/100 on Goolge speed test, which does not seem to be possible with external CSS
- to to CSS marking in MediaWiki, e.g. cells in tables