The security technician of the institution Mozilla April Knight released a project called Observatory. Observatory is a free web security scanning utility similar to scanning services SSL Labs and High-Tech Bridge.
The service has been deployed with Python and is available in GitHub. It was under development for months and was approved for public release just yesterday.
Cbservatory is targeted at developers, system administrators, and security professionals who want to set up websites that use modern security protocols.
The Observatory scans each website for the presence of basic security features and then scores it with scores from 0 to 130, which then converts to a score from A to F.
In its current format, the script scans and scores for the following services:
Content Security Policy (CSP) status,
cookie files using Secure flag,
Cross-Origin Resource Sharing (CORS) status,
HTTP Public Key pinning (HPKP) status,
HTTP Strict Transport Security (HSTS) status,
percentage of automatic redirection from HTTP to HTTPS,
Subsource Integrity (SRI) status,
X-Content-Type-Options status,
X-Frame-Options (XFO) status, and
X-XSS-Protection status.
According to Knight, who has carried out automatic scanning over 1,3 million websites, over 91% of modern websites fail Observatory tests.
Download the script