mozilla / http-observatory Public

Notifications
Fork 163
Star 1.8k

Code
Issues 67
Pull requests 15
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

Issues: mozilla/http-observatory

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

67 Open 161 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Assigned to nobody

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Issues list

Problematic advice regarding cookies with HSTS without secure flag security

An issue that relates to the content of the security recommendations in Observatory

#515 opened Dec 15, 2023 by hannob

Set-cookie: HttpOnly flag seems to misinterpreted by Observatory checks

#513 opened Sep 25, 2023 by ArtM01

Blank http-equiv causes CSP test to fail with 'csp-header-invalid'

#492 opened Jan 25, 2023 by cuibonobo

CSP in <meta> is not analyzed when sent together with CSP in header

#489 opened Nov 14, 2022 by rw-AntoniRoszak

database-down

#480 opened Aug 30, 2022 by roxannelandry

Can't run it on ARM Mac

#475 opened Apr 14, 2022 by twocs

Allow multiple headers when parsing CSP

#466 opened Mar 22, 2022 by april

Don't recommend "Deny by default" when prefetch-src is experimental

#463 opened Feb 28, 2022 by carlin-q-scott

Content Security Policy (CSP) implemented unsafely

#461 opened Jan 12, 2022 by digitalgregg

Not Working for localhost website

#459 opened Dec 16, 2021 by Engineerumair

hsts-preloaded not taken into account

#456 opened Nov 15, 2021 by mktl73

Subresource Integrity warning for scripts with data-uri

#455 opened Nov 4, 2021 by exyi

CSP help question

#452 opened Oct 6, 2021 by azrael11

HTTP to HTTPS redirection not validated on subdomain

#451 opened Sep 16, 2021 by deastr

Add missing scan options

#450 opened Aug 31, 2021 by jamesalexatkin

Absence of scripts or cookies should not be worth fewer points than secure cookies/scripts

#449 opened Aug 1, 2021 by Seirdy

Support for proxy route-based forwarding

#447 opened Jun 7, 2021 by pbryant-phew

Warn if "Server" header reveals software version feature request

#443 opened May 7, 2021 by JeremyRand

User-Agent changed?

#442 opened Apr 12, 2021 by craigfrancis

SameSite='None' flagged as invalid

#433 opened Oct 19, 2020 by thecontrarycat

Don't penalize disabled X-XSS-PROTECTION

#432 opened Sep 14, 2020 by franziskuskiefer

Automatic update of the *.json files.

#431 opened Aug 20, 2020 by dalf

Firefox Addon: Show Grade of Website

#429 opened Aug 19, 2020 by NoNamePro0

SRI

#427 opened Jul 24, 2020 by malekalmorte75

HTTP Observatory "Scan In Progress" never finishes.

#424 opened Jun 16, 2020 by ghost

Previous 1 2 3 Next

Previous Next

ProTip! no:milestone will show everything without a milestone.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly