Anna.info website technical test: Difference between revisions

From annawiki
(→‎Links: Status: anna.info is currently preloaded.)
(4 intermediate revisions by the same user not shown)
Line 4: Line 4:
** This site works only in browsers with SNI support.
** This site works only in browsers with SNI support.
*https://tls.imirhil.fr/https/anna.info
*https://tls.imirhil.fr/https/anna.info
** A (Protocol 60, Key exchange 100, Cipher 90, Overall 84.0)
** A (Protocol 100, Key exchange 100, Cipher 100, Overall 100.0)
*https://securityheaders.io/?followRedirects=on&hide=on&q=anna.info
*https://securityheaders.io/?followRedirects=on&hide=on&q=anna.info
** A
** A
Line 10: Line 10:
** Status: anna.info is currently preloaded.
** Status: anna.info is currently preloaded.
*https://observatory.mozilla.org/analyze.html?host=anna.info
*https://observatory.mozilla.org/analyze.html?host=anna.info
** A+; Score: 100/100, Tests Passed: 10/10
** A+; Score: 125/100, Tests Passed: 11/11
** Note: One can get a score higher than 100, e.g.  
** Note: One can get a score higher than 100, e.g.  
*** +5 Content Security Policy - if no unsafe-inline is present, anna.info having "Content Security Policy (CSP) implemented with 'unsafe-inline' inside style-src" gets 0 for "Content Security Policy"
*** Content Security Policy
*** +5 HTTP Strict Transport Security - if preload is present
**** +10 Content Security Policy (CSP) implemented with default-src 'none' and no 'unsafe'
**** +5 Content Security Policy - if no unsafe-inline is present, anna.info having "Content Security Policy (CSP) implemented with 'unsafe-inline' inside style-src" gets 0 for "Content Security Policy"
*** HTTP Strict Transport Security +5 Preloaded via the HTTP Strict Transport Security (HSTS) preloading process
*** Referrer Policy +5 Referrer-Policy header set to "no-referrer", "same-origin", "strict-origin" or "strict-origin-when-cross-origin"
*** X-Frame-Options +5 X-Frame-Options (XFO) implemented via the CSP frame-ancestors directive
*https://www.google.com/webmasters/tools/mobile-friendly/?url=https%3A%2F%2Fanna.info%2F
*https://www.google.com/webmasters/tools/mobile-friendly/?url=https%3A%2F%2Fanna.info%2F
**Awesome! This page is mobile-friendly.
**Page is mobile-friendly | This page is easy to use on a mobile device
*https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fanna.info%2F
*https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fanna.info%2F
**mobile 100 / 100 Speed, 100 / 100 User Experience; desktop 100 / 100 Suggestions Summary
**mobile 80 / 100
**desktop 97 / 100


==Issues==
==Issues==

Revision as of 2018-02-20T18:44:33

Links

Issues

Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'

The "style-src 'unsafe-inline'" prevents getting +5 points. Inline CSS is used

  • for getting 100/100 on Goolge speed test, which does not seem to be possible with external CSS
  • to to CSS marking in MediaWiki, e.g. cells in tables

Other