Anna.info website technical test: Difference between revisions

From annawiki
 
(2 intermediate revisions by the same user not shown)
Line 23: Line 23:
**mobile 80 / 100
**mobile 80 / 100
**desktop 97 / 100
**desktop 97 / 100
 
*https://www.immuniweb.com/ssl/?id=286aQjJX


==CSP==
==CSP==
Line 31: Line 31:
*to do CSS marking in MediaWiki, e.g. cells in tables
*to do CSS marking in MediaWiki, e.g. cells in tables


==TLS 1.3 only==
==TLS 1.3-only==
anna.info switched to TLS 1.3-only
*https://github.com/mozilla/http-observatory-website/issues/238 bug: Fail on TLS 1.3-only
*https://github.com/mozilla/http-observatory-website/issues/238 bug: Fail on TLS 1.3-only
*https://github.com/ssllabs/ssllabs-scan/issues/815
*https://tls.imirhil.fr/https/anna.info - "Error during analysis: TLS seems not supported on this server"
*https://tls.imirhil.fr/https/anna.info - "Error during analysis: TLS seems not supported on this server"


==Other==
==Other==
*https://www.heise.de/forum/heise-online/News-Kommentare/heise-online-HTTPS-auch-fuer-Mobilgeraete/X-XSS-Protection-X-Content-Type-Options-Content-Security-Policy-nicht-vergessen/posting-29747747/show/
*https://www.heise.de/forum/heise-online/News-Kommentare/heise-online-HTTPS-auch-fuer-Mobilgeraete/X-XSS-Protection-X-Content-Type-Options-Content-Security-Policy-nicht-vergessen/posting-29747747/show/

Latest revision as of 2022-06-17T21:28:39

Links

CSP

Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'

The "style-src 'unsafe-inline'" prevents getting +5 points. Inline CSS is used

  • for getting 100/100 on Goolge speed test, which does not seem to be possible with external CSS
  • to do CSS marking in MediaWiki, e.g. cells in tables

TLS 1.3-only

anna.info switched to TLS 1.3-only

Other