Anna.info website technical test: Difference between revisions
(29 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Links== | ==Links== | ||
*https://www.ssllabs.com/ssltest/analyze.html?d=anna.info | *https://www.ssllabs.com/ssltest/analyze.html?d=anna.info | ||
** A (100, | ** A+ (Certificate 100, Protocal Support 100, Key Exchange 100, Cipher Strength 100) | ||
*https://hstspreload.appspot.com/?domain=anna.info | ** This site works only in browsers with SNI support. | ||
** Status: anna.info is | *https://tls.imirhil.fr/https/anna.info | ||
*https://observatory.mozilla.org/analyze.html?host=anna.info | ** A (Protocol 100, Key exchange 100, Cipher 100, Overall 100.0) | ||
** | *https://securityheaders.io/?followRedirects=on&hide=on&q=anna.info | ||
** A | |||
*[[Test by hstspreload.appspot.com]] https://hstspreload.org/?domain=anna.info | |||
** Status: anna.info is currently preloaded. | |||
*https://observatory.mozilla.org/analyze.html?host=anna.info | |||
** A+; Score: 125/100, Tests Passed: 11/11 | |||
** Note: One can get a score higher than 100, e.g. | |||
*** Content Security Policy | |||
**** +10 Content Security Policy (CSP) implemented with default-src 'none' and no 'unsafe' | |||
**** +5 Content Security Policy - if no unsafe-inline is present, anna.info having "Content Security Policy (CSP) implemented with 'unsafe-inline' inside style-src" gets 0 for "Content Security Policy" | |||
*** HTTP Strict Transport Security +5 Preloaded via the HTTP Strict Transport Security (HSTS) preloading process | |||
*** Referrer Policy +5 Referrer-Policy header set to "no-referrer", "same-origin", "strict-origin" or "strict-origin-when-cross-origin" | |||
*** X-Frame-Options +5 X-Frame-Options (XFO) implemented via the CSP frame-ancestors directive | |||
*https://www.google.com/webmasters/tools/mobile-friendly/?url=https%3A%2F%2Fanna.info%2F | *https://www.google.com/webmasters/tools/mobile-friendly/?url=https%3A%2F%2Fanna.info%2F | ||
** | **Page is mobile-friendly | This page is easy to use on a mobile device | ||
*https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fanna.info%2F | *https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fanna.info%2F | ||
**mobile 100 / 100 | **mobile 80 / 100 | ||
**desktop 97 / 100 | |||
*https://www.immuniweb.com/ssl/?id=286aQjJX | |||
== | ==CSP== | ||
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' | |||
The "style-src 'unsafe-inline'" prevents getting +5 points. Inline CSS is used | |||
*for getting 100/100 on Goolge speed test, which does not seem to be possible with external CSS | |||
*to do CSS marking in MediaWiki, e.g. cells in tables | |||
==TLS 1.3-only== | |||
anna.info switched to TLS 1.3-only | |||
*https://github.com/mozilla/http-observatory-website/issues/238 bug: Fail on TLS 1.3-only | |||
*https://github.com/ssllabs/ssllabs-scan/issues/815 | |||
*https://tls.imirhil.fr/https/anna.info - "Error during analysis: TLS seems not supported on this server" | |||
==Other== | |||
*https://www.heise.de/forum/heise-online/News-Kommentare/heise-online-HTTPS-auch-fuer-Mobilgeraete/X-XSS-Protection-X-Content-Type-Options-Content-Security-Policy-nicht-vergessen/posting-29747747/show/ | |||
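Review bot: in the added CSP section, "Inline CSS is used" runs into its two bullets without a colon and "Goolge" is misspelled; suggest "Inline CSS is used:" and "Google". In the Links section, "Protocal Support" on the ssllabs result line should read "Protocol Support", and the new hstspreload entry is labelled "Test by hstspreload.appspot.com" while its URL is hstspreload.org, so the label should name the current host. The TLS 1.3-only section lists three links but only two say what they report; a short description for the ssllabs-scan issue would match the others.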
Latest revision as of 2022-06-17T21:28:39
Links
- https://www.ssllabs.com/ssltest/analyze.html?d=anna.info
  - A+ (Certificate 100, Protocol Support 100, Key Exchange 100, Cipher Strength 100)
  - This site works only in browsers with SNI support.
- https://tls.imirhil.fr/https/anna.info
  - A (Protocol 100, Key exchange 100, Cipher 100, Overall 100.0)
- https://securityheaders.io/?followRedirects=on&hide=on&q=anna.info
  - A
- Test by hstspreload.appspot.com https://hstspreload.org/?domain=anna.info
  - Status: anna.info is currently preloaded.
- https://observatory.mozilla.org/analyze.html?host=anna.info
  - A+; Score: 125/100, Tests Passed: 11/11
  - Note: One can get a score higher than 100, e.g.
    - Content Security Policy
      - +10 Content Security Policy (CSP) implemented with default-src 'none' and no 'unsafe'
      - +5 Content Security Policy, if no 'unsafe-inline' is present. anna.info, having "Content Security Policy (CSP) implemented with 'unsafe-inline' inside style-src", gets 0 for "Content Security Policy".
    - HTTP Strict Transport Security +5 Preloaded via the HTTP Strict Transport Security (HSTS) preloading process
    - Referrer Policy +5 Referrer-Policy header set to "no-referrer", "same-origin", "strict-origin" or "strict-origin-when-cross-origin"
    - X-Frame-Options +5 X-Frame-Options (XFO) implemented via the CSP frame-ancestors directive
- https://www.google.com/webmasters/tools/mobile-friendly/?url=https%3A%2F%2Fanna.info%2F
  - Page is mobile-friendly | This page is easy to use on a mobile device
- https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fanna.info%2F
  - mobile 80 / 100
  - desktop 97 / 100
- https://www.immuniweb.com/ssl/?id=286aQjJX
CSP
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'
The "style-src 'unsafe-inline'" prevents getting +5 points. Inline CSS is used:
- for getting 100/100 on the Google speed test, which does not seem to be possible with external CSS
- to do CSS marking in MediaWiki, e.g. cells in tables
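An added example (not part of the original page, and not the Mozilla Observatory's scoring code): a small CSP parser that reports the properties the score notes above refer to, run on the policy shown in this section. `STRICT_POLICY` is a constructed sample and the function names are illustrative.

```python
# Added example: simplified CSP audit, not the Observatory's own algorithm.
PAGE_POLICY = "default-src 'self'; style-src 'self' 'unsafe-inline'"  # from this page
STRICT_POLICY = "default-src 'none'; style-src 'self'; frame-ancestors 'none'"  # constructed

UNSAFE = ("'unsafe-inline'", "'unsafe-eval'")


def parse_csp(header_value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # Directive names are case-insensitive; a repeated directive is
        # ignored by browsers, so the first occurrence wins.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy, directive):
    """script-src and style-src fall back to default-src when absent."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src")  # None: nothing restricts this directive


def audit(header_value):
    """Report unsafe keywords per directive plus two structural properties."""
    policy = parse_csp(header_value)
    findings = {}
    for directive in ("script-src", "style-src"):
        sources = effective_sources(policy, directive)
        if sources is None:
            findings[directive] = ["unrestricted"]
        else:
            findings[directive] = [s for s in sources if s.lower() in UNSAFE]
    findings["default_none"] = policy.get("default-src") == ["'none'"]
    # frame-ancestors does not fall back to default-src; it must be explicit.
    findings["frame_ancestors"] = "frame-ancestors" in policy
    return findings


if __name__ == "__main__":
    for name, value in (("page", PAGE_POLICY), ("strict", STRICT_POLICY)):
        print(name, audit(value))
```

For the page's policy, scripts inherit `'self'` from `default-src` with no unsafe keyword, and the only finding is `'unsafe-inline'` in `style-src`.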
TLS 1.3-only
anna.info switched to TLS 1.3-only
- https://github.com/mozilla/http-observatory-website/issues/238 bug: Fail on TLS 1.3-only
- https://github.com/ssllabs/ssllabs-scan/issues/815
- https://tls.imirhil.fr/https/anna.info - "Error during analysis: TLS seems not supported on this server"