Jasper Moelker

[Groups are added to `config.js`](https://github.com/voorhoede/lighthouse-security/blob/master/config.js#L53-L99) but are not showing up in the report.

Resolves #8.

Let's move the badge to a "Thanks to" section at the end of the readme. Together with credits to Google Lighthouse, OWASP, MDN and Snyk.

See #63.

Driver seems to have [built-in safe browsing](https://github.com/GoogleChrome/lighthouse/blob/43baee69702d3c85a53e96ab52b0f73d3548af95/chrome-launcher/flags.ts#L17). Maybe we can use that rather than the API?

@markomalis should we use the `RequestHeaders` gatherer and just test for the header on the document or should we use the `devtoolsLogs` gatherer and check all HTTP requests made by...

Seems due to [known lighthouse issue](https://github.com/GoogleChrome/lighthouse/issues/73). That issue has been closed but isn't really resolved if you read along the thread. So probably just have to wait it out and...

Should CSP meta be considered a good practice or avoided? > CSPs preferred delivery mechanism is an HTTP header. > -- [Google Web Fundamentals](https://developers.google.com/web/fundamentals/security/csp/#the_meta_tag) If should be avoided, that's the...

Nice to hear! I dropped Lightkeeper with some of my perf-obsessed colleagues. Hope they do a bit more experimenting with it first. So that we get a better feel of...

@redonkulus I ran into the same issue. I solved it by prepending a bash test to the script: ```yml after_success: - test $TRAVIS_EVENT_TYPE = "pull_request" && now-travis ``` And since...