Mozilla Foundation security engineer April Knight released one project which he calls Observatory. Observatory is a free web security scanning utility similar to scanning services SSL Labs and High-Tech Bridge.
The service has been deployed with Python and is available in GitHub. It was under development for months and was approved for public release just yesterday.
Observatory is aimed at developers, system administrators, and security professionals who want to configure websites that use modern security protocols.
The Observatory scans each website for the presence of basic security features and then scores it with scores from 0 to 130, which then converts to a score from A to F.
In its current form the script, scans and scores for the following services:
Content Security Policy (CSP) status,
cookie files using Secure flag,
Cross-Origin Resource Sharing (CORS) status,
HTTP Public Key Pinning (HPKP) status,
HTTP Strict Transport Security (HSTS) status,
percentage of automatic redirection from HTTP to HTTPS,
Subsource Integrity (SRI) status,
X-Content-Type-Options status,
X-Frame-Options (XFO) status, and
X-XSS-Protection status.
According to Knight, who has authored more than 1,3 millions of websites, more than 91% of modern websites fail on CBServatory's tests.
Download the script