Change Log

Requesting Sites Differently

July 27th, 2019
Originally, we made a quick HEAD request to your site, checked the headers, and reported. Some sites (like handled methods they didn't desire correctly with an HTTP 405 Method Not Implemented. Others (like returned an HTTP 406 Not Acceptable. I've tried a few different fixes for these sites, from updating the request headers to show the latest Firefox version, to changing to Accept: */*. This didn't fix the issue for the 406 sites. I then tried changing the request method from HEAD to GET and I started getting valid HTTP 200 OK responses. Because of this, I've changed the request system to use GET going forward, and I've also iterated the version of the scans from v3.0.0 to v3.1.0. Your scores may be impacted, so check often!

Major Scanning / Scoring Rewrite

July 4th, 2019
The original version of this site focused heavily on getting the content from the site and outputting suggestions. Scoring information gamifies security and creates additional motivation to improve your score. The previous version of the site worked in such a way that any "good" status was 10 points, an "improve" was 5, and any "bad" was a 0. Since headers have varying importance levels, and the configuration options of those headers can greatly improve or reduce the effectiveness of a header, it only made sense to allow more dynamic scoring.

Rewrite Scanner

The scanner was implemented in such a way that improving the codebase was a mess. It was a demonstration piece that became useful. The entire backend of this site was rewritten to use a series of modules that can control their own point systems and output data about a header. This modularity makes improving a single module much easier and will only allow better scanning in the future.
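
A sketch of the difference between the flat 10/5/0 model and per-header modules that set their own points, as an added example and not this site's code. The module names, weights, the 180-day threshold and the sample headers are all assumptions made for illustration.

```python
import re

def flat_score(statuses):
    """Old model described in the text: good=10, improve=5, bad=0."""
    return sum({"good": 10, "improve": 5, "bad": 0}[s] for s in statuses)

def hsts(headers):
    """Assumed weights: 20 max, split across max-age and includeSubDomains."""
    value = headers.get("strict-transport-security")
    if value is None:
        return {"header": "Strict-Transport-Security", "points": 0, "max": 20,
                "notes": ["header missing"]}
    points, notes = 0, []
    match = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.I)
    age = int(match.group(1)) if match else 0
    if age >= 15552000:            # 180 days, an assumed threshold
        points += 14
    elif age > 0:
        points += 7
        notes.append("max-age is under 180 days")
    else:
        notes.append("max-age missing or zero")
    if re.search(r"(^|;)\s*includeSubDomains\s*(;|$)", value, re.I):
        points += 6
    else:
        notes.append("includeSubDomains not set")
    return {"header": "Strict-Transport-Security", "points": points, "max": 20, "notes": notes}

def nosniff(headers):
    """Lower-weight module (assumed 5 max): the only valid value is 'nosniff'."""
    ok = headers.get("x-content-type-options", "").strip().lower() == "nosniff"
    return {"header": "X-Content-Type-Options", "points": 5 if ok else 0, "max": 5,
            "notes": [] if ok else ["missing or not 'nosniff'"]}

MODULES = [hsts, nosniff]          # each module owns its own point scale

def scan(headers):
    """Run every module over case-insensitive header names and total the points."""
    lowered = {k.lower(): v for k, v in headers.items()}
    results = [module(lowered) for module in MODULES]
    return {"points": sum(r["points"] for r in results),
            "max": sum(r["max"] for r in results), "results": results}

# Constructed sample responses: both send the headers, so the flat model ties them.
STRONG = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
          "X-Content-Type-Options": "nosniff"}
WEAK = {"Strict-Transport-Security": "max-age=300", "X-Content-Type-Options": "nosniff"}

if __name__ == "__main__":
    for name, sample in (("strong", STRONG), ("weak", WEAK)):
        print(name, scan(sample))
```

Under the flat model both samples would score 20 for two "good" headers; the modular version separates them because the HSTS module inspects the header's parameters.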

Other Changes

Future Changes

Currently, we only check that you're using specific headers, and a few parameters within them. The goal is to build out a full parameter audit as well, which will give you the best idea of how you can improve your security.

Remember that your score will probably change when we make these changes. Some sites have improved in score, others have actually gone down in score. We've also rebracketed the "score words" that quantify the number (Meh, Fail, etc). These have become more strict.