
An online tool that checks how a website is doing with regard to privacy

Results 12 webbkoll issues

# A. Problem / Aim The report generated by the "webbkoll" project is detailed and certainly easy to read for technically (very) experienced people. For non-technical or less technical people,...

enhancement
currenty shelved for lack of time

Hello, there are a few (about 5–10) source string comments in Weblate, i.e. I had questions regarding some original/English strings. Some are very recent while others are over a...

Hello, webbkoll is a great tool for checking and training for good CSP practice! We like to run webbkoll backend and frontend. But we have no experience with Erlang/Elixir so far....

Hi, The current report on SRI does not check for nonce, but flags non-SRI if no hash is implemented. For example, is flagged as 'Subresource Integrity (SRI) not implemented,' I...

While the tool is very useful for validating your own servers, it is sometimes useful to point out problems for other parties. Unfortunately the testing phase takes a bit of...

enhancement
currenty shelved for lack of time

I had a server with an invalid CSP header. I got a lot of strange errors until I figured out the main culprit. It would be beneficial to make sure...

I.e. Cloudflare injects stuff before doing the redirection. So one needs to look at all levels of redirects (i.e. HTTP 301) before drawing any conclusions of the location.

enhancement

Adding this issue since I saw in #14 that dockerising is on Ander's todo list. May find some time myself to do something to that effect - no promises yet...

enhancement

It would be nice if web beacons like Facebook Pixel etc. were also detected.

enhancement

With content security policies in both the HTTP header and HTML `` element, Webbkoll ignores `default-src 'none'`. Example report from https://webbkoll.dataskydd.net: > Content Security Policy set in HTTP header: default-src 'none';...