
Direct link to the live Observatory: https://observatory.mozilla.org/

Example run on addons.mozilla.org: https://observatory.mozilla.org/analyze.html?host=addons.moz...

The Observatory measures a site's compliance with the Web Security guidelines [1] and the Server Side TLS guidelines [2]. It's primarily meant as a helper for website developers and operators.

[1] https://wiki.mozilla.org/Security/Guidelines/Web_Security

[2] https://wiki.mozilla.org/Security/Server_Side_TLS

(disclaimer: I work on security at Mozilla)



Maybe it should be called Https observatory?

I run an http-only site. I installed everything from scratch and minimized all attack surfaces. I got an F because I'm lacking https stuff.

But maybe I'm missing something. If you don't deal with user logins and have no sessions, do I need to get https?

Or is this site just assuming things?


You need https to guarantee data in transit is not being modified between your server and web clients. ISPs, for instance, have a bad tendency to inject tracking cookies in http traffic.


Ahhh. Okay. Thanks.


It's 2016. There's just no excuse anymore not to do TLS.


Yep, agree 100%, very short-sighted view of security. Their grades don't mean anything, other than confusing people into thinking they are secure.



