Absence of scripts or cookies should not be worth fewer points than secure cookies/scripts #449
Comments
KamilaBorowska
added a commit
to KamilaBorowska/http-observatory
that referenced
this issue
May 18, 2022
HTTP Observatory shouldn't encourage web developers to add cookies to their website simply to get more points. Fixes mozilla#449.
Seirdy
added a commit
to Seirdy/http-observatory
that referenced
this issue
Sep 20, 2022
HTTP Observatory shouldn't encourage web developers to add scripts to their website simply to get more points. Fixes mozilla#449
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the HTTP Observatory grants an extra 5 points for secure cookies and 5 for scripts with SRI; it grants +0 if a site has no cookies and +0 for sites without any scripts.
Secure cookies and scripts aren't as secure as an absence of cookies and scripts, so it doesn't make sense to give sites with these features a higher score than cookieless/scriptless sites. Rewarding cookieless/scriptless sites at least as much could help push the idea that cookies and scripts shouldn't be used unnecessarily.
The text was updated successfully, but these errors were encountered: