Others - SECURITY-OBSERVATORY Factor
A JSON which checks the HTTP website security like cookies, xss protection and so on. If the website HTTP could not be checked then returns nul
{
"tests_quantity":11.0,
"x-frame-options":{
"expectation":"x-frame-options-sameorigin-or-deny",
"name":"x-frame-options",
"output":{
"data":"deny"
},
"pass":true,
"result":"x-frame-options-sameorigin-or-deny",
"score_description":"X-Frame-Options (XFO) header set to SAMEORIGIN or DENY",
"score_modifier":0.0,
"id":10
},
"contribute":{
"expectation":"contribute-json-only-required-on-mozilla-properties",
"name":"contribute",
"output":{
},
"pass":true,
"result":"contribute-json-only-required-on-mozilla-properties",
"score_description":"Contribute.json isn\u0027t required on websites that don\u0027t belong to Mozilla",
"score_modifier":0.0,
"id":2
},
"cross-origin-resource-sharing":{
"expectation":"cross-origin-resource-sharing-not-implemented",
"name":"cross-origin-resource-sharing",
"output":{
"data":{
}
},
"pass":true,
"result":"cross-origin-resource-sharing-not-implemented",
"score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers",
"score_modifier":0.0,
"id":4
},
"cookies":{
"expectation":"cookies-secure-with-httponly-sessions",
"name":"cookies",
"output":{
"data":{
"MSPOK":{
"domain":".login.live.com",
"httponly":true,
"path":"/",
"secure":""
},
"MSPRequ":{
"domain":"login.live.com",
"httponly":true,
"path":"/",
"secure":""
},
"uaid":{
"domain":".login.live.com",
"httponly":true,
"path":"/",
"secure":""
}
}
},
"pass":false,
"result":"cookies-without-secure-flag-but-protected-by-hsts",
"score_description":"Cookies set without using the Secure flag, but transmission over HTTP prevented by HSTS",
"score_modifier":-5.0,
"id":3
},
"strict-transport-security":{
"expectation":"hsts-implemented-max-age-at-least-six-months",
"name":"strict-transport-security",
"output":{
"data":"max-age\u003d31536000",
"includeSubDomains":false,
"max-age":3.1536E7,
"preload":false,
"preloaded":false
},
"pass":true,
"result":"hsts-implemented-max-age-at-least-six-months",
"score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)",
"score_modifier":0.0,
"id":7
},
"score":60.0,
"tests_passed":7.0,
"content-security-policy":{
"expectation":"csp-implemented-with-no-unsafe",
"name":"content-security-policy",
"output":{
},
"pass":false,
"result":"csp-not-implemented",
"score_description":"Content Security Policy (CSP) header not implemented",
"score_modifier":-25.0,
"id":1
},
"x-content-type-options":{
"expectation":"x-content-type-options-nosniff",
"name":"x-content-type-options",
"output":{
"data":"nosniff"
},
"pass":true,
"result":"x-content-type-options-nosniff",
"score_description":"X-Content-Type-Options header set to \"nosniff\"",
"score_modifier":0.0,
"id":9
},
"x-xss-protection":{
"expectation":"x-xss-protection-1-mode-block",
"name":"x-xss-protection",
"output":{
"data":"1; mode\u003dblock"
},
"pass":true,
"result":"x-xss-protection-enabled-mode-block",
"score_description":"X-XSS-Protection header set to \"1; mode\u003dblock\"",
"score_modifier":0.0,
"id":11
},
"subresource-integrity":{
"expectation":"sri-implemented-and-external-scripts-loaded-securely",
"name":"subresource-integrity",
"output":{
"data":{
"https://auth.gfx.ms/16.000.26657.00/DefaultLoginStrings.EN.js":{
},
"https://auth.gfx.ms/16.000.26657.00/DefaultLogin_Core.js":{
}
}
},
"pass":false,
"result":"sri-not-implemented-but-external-scripts-loaded-securely",
"score_description":"Subresource Integrity (SRI) not implemented, but all external scripts are loaded over https",
"score_modifier":-5.0,
"id":8
},
"grade":"C+",
"public-key-pinning":{
"expectation":"hpkp-not-implemented",
"name":"public-key-pinning",
"output":{
"includeSubDomains":false,
"preloaded":false
},
"pass":true,
"result":"hpkp-not-implemented",
"score_description":"HTTP Public Key Pinning (HPKP) header not implemented",
"score_modifier":0.0,
"id":5
},
"state":"FINISHED",
"tests_failed":4.0,
"redirection":{
"expectation":"redirection-to-https",
"name":"redirection",
"output":{
"destination":"https://login.live.com/login.srf?wa\u003dwsignin1.0\u0026rpsnv\u003d13\u0026ct\u003d1477620955\u0026rver\u003d6.4.6456.0\u0026wp\u003dMBI_SSL_SHARED\u0026wreply\u003dhttps:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox\u0026lc\u003d1033\u0026id\u003d64855\u0026mkt\u003den-US\u0026cbcxt\u003dmai",
"redirects":true,
"route":[
"http://www.hotmail.com/",
"https://mail.live.com/default.aspx",
"https://login.live.com/login.srf?wa\u003dwsignin1.0\u0026rpsnv\u003d13\u0026ct\u003d1477620955\u0026rver\u003d6.4.6456.0\u0026wp\u003dMBI_SSL_SHARED\u0026wreply\u003dhttps:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox\u0026lc\u003d1033\u0026id\u003d64855\u0026mkt\u003den-US\u0026cbcxt\u003dmai"
],
"status_code":302.0
},
"pass":false,
"result":"redirection-off-host-from-http",
"score_description":"Initial redirection from http to https is to a different host, preventing HSTS",
"score_modifier":-5.0,
"id":6
}
}
{
"tests_quantity": 11,
"x-frame-options": {
"expectation": "x-frame-options-sameorigin-or-deny",
"name": "x-frame-options",
"output": {
"data": "deny"
},
"pass": true,
"result": "x-frame-options-sameorigin-or-deny",
"score_description": "X-Frame-Options(XFO)headersettoSAMEORIGINorDENY",
"score_modifier": 0,
"id": 10
},
"contribute": {
"expectation": "contribute-json-only-required-on-mozilla-properties",
"name": "contribute",
"output": {},
"pass": true,
"result": "contribute-json-only-required-on-mozilla-properties",
"score_description": "Contribute.jsonisn'trequiredonwebsitesthatdon'tbelongtoMozilla",
"score_modifier": 0,
"id": 2
},
"cross-origin-resource-sharing": {
"expectation": "cross-origin-resource-sharing-not-implemented",
"name": "cross-origin-resource-sharing",
"output": {
"data": {}
},
"pass": true,
"result": "cross-origin-resource-sharing-not-implemented",
"score_description": "Contentisnotvisibleviacross-originresourcesharing(CORS)filesorheaders",
"score_modifier": 0,
"id": 4
},
"cookies": {
"expectation": "cookies-secure-with-httponly-sessions",
"name": "cookies",
"output": {
"data": {
"MSPOK": {
"domain": ".login.live.com",
"httponly": true,
"path": "/",
"secure": ""
},
"MSPRequ": {
"domain": "login.live.com",
"httponly": true,
"path": "/",
"secure": ""
},
"uaid": {
"domain": ".login.live.com",
"httponly": true,
"path": "/",
"secure": ""
}
}
},
"pass": false,
"result": "cookies-without-secure-flag-but-protected-by-hsts",
"score_description": "CookiessetwithoutusingtheSecureflag,buttransmissionoverHTTPpreventedbyHSTS",
"score_modifier": -5,
"id": 3
},
"strict-transport-security": {
"expectation": "hsts-implemented-max-age-at-least-six-months",
"name": "strict-transport-security",
"output": {
"data": "max-age=31536000",
"includeSubDomains": false,
"max-age": 31536000,
"preload": false,
"preloaded": false
},
"pass": true,
"result": "hsts-implemented-max-age-at-least-six-months",
"score_description": "HTTPStrictTransportSecurity(HSTS)headersettoaminimumofsixmonths(15768000)",
"score_modifier": 0,
"id": 7
},
"score": 60,
"tests_passed": 7,
"content-security-policy": {
"expectation": "csp-implemented-with-no-unsafe",
"name": "content-security-policy",
"output": {},
"pass": false,
"result": "csp-not-implemented",
"score_description": "ContentSecurityPolicy(CSP)headernotimplemented",
"score_modifier": -25,
"id": 1
},
"x-content-type-options": {
"expectation": "x-content-type-options-nosniff",
"name": "x-content-type-options",
"output": {
"data": "nosniff"
},
"pass": true,
"result": "x-content-type-options-nosniff",
"score_description": "X-Content-Type-Optionsheadersetto\"nosniff\"",
"score_modifier": 0,
"id": 9
},
"x-xss-protection": {
"expectation": "x-xss-protection-1-mode-block",
"name": "x-xss-protection",
"output": {
"data": "1;mode=block"
},
"pass": true,
"result": "x-xss-protection-enabled-mode-block",
"score_description": "X-XSS-Protectionheadersetto\"1;mode=block\"",
"score_modifier": 0,
"id": 11
},
"subresource-integrity": {
"expectation": "sri-implemented-and-external-scripts-loaded-securely",
"name": "subresource-integrity",
"output": {
"data": {
"https://auth.gfx.ms/16.000.26657.00/DefaultLoginStrings.EN.js": {},
"https://auth.gfx.ms/16.000.26657.00/DefaultLogin_Core.js": {}
}
},
"pass": false,
"result": "sri-not-implemented-but-external-scripts-loaded-securely",
"score_description": "SubresourceIntegrity(SRI)notimplemented,butallexternalscriptsareloadedoverhttps",
"score_modifier": -5,
"id": 8
},
"grade": "C+",
"public-key-pinning": {
"expectation": "hpkp-not-implemented",
"name": "public-key-pinning",
"output": {
"includeSubDomains": false,
"preloaded": false
},
"pass": true,
"result": "hpkp-not-implemented",
"score_description": "HTTPPublicKeyPinning(HPKP)headernotimplemented",
"score_modifier": 0,
"id": 5
},
"state": "FINISHED",
"tests_failed": 4,
"redirection": {
"expectation": "redirection-to-https",
"name": "redirection",
"output": {
"destination": "https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1477620955&rver=6.4.6456.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox&lc=1033&id=64855&mkt=en-US&cbcxt=mai",
"redirects": true,
"route": [
"http://www.hotmail.com/",
"https://mail.live.com/default.aspx",
"https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1477620955&rver=6.4.6456.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox&lc=1033&id=64855&mkt=en-US&cbcxt=mai"
],
"status_code": 302
},
"pass": false,
"result": "redirection-off-host-from-http",
"score_description": "Initialredirectionfromhttptohttpsistoadifferenthost,preventingHSTS",
"score_modifier": -5,
"id": 6
}
}| Key | Type | Description |
|---|---|---|
| grade | String | Final grade assessed upon a completed scan. |
| score | Integer | Final score from the test. |
| state | String | The state returned from the security test, can be finished or aborted or failed. |
| tests_failed | Integer | Indicating the number of tests which failed. |
| tests_passed | Integer | Indicating the number of tests which passed. |
| tests_quantity | Integer | Number of tests executed. |
| expectation | String | The expectation of what the test need to return. |
| name | String | Current test name. |
| output | Object | Artifacts related to the test. |
| data | Object | The data found inside each test content, like the cache that the website has and the factor is testing. |
| ???? | Object | Other values under output key have another keys that may vary. |
| pass | String | Whether the test passed or failed; a test that meets or exceeds the expectation will be marked as passed. |
| result | String | Result of the test. |
| score_description | String | Short description describing what result means. |
| id | Integer | Test ID. |
| score_modifier | String | How much the result of the test affected the final score; should range between +5 and -50. |
More SEO Factors
- Google Adsense
- Alexa Global Rank
- amp
- Google Analytics
- Backlinks Anchors
- Backlinks
- Blog Page
- Citations Number
- Conversion Forms
- crawlable
- Doctype
- Duplicate Content
- Emails
- Custom 404 Page
- Facebook Shares
- Facebook Page
- Favicon Image
- Flash
- Frames
- Google Preview
- Google Page
- Google My Business Rating Score
- Google My Business Reviews Number
- Google Plus shares
- Headings
- HTML validity
- Alternative Text for Images
- Language
- Linkedin shares
- load-time
- Logo
- Meta description
- Meta Keywords
- mobile-check
- NAP as TEXT
- on-bing-maps
- Registered to Google Maps
- In-Page Links
- Phones
- Pinterest images
- Google My Business +1es Number
- Printer Friendly CSS
- rel-author
- Google Canonical URL
- Google Publishership
- Responsiveness
- robots.txt
- security-observatory
- IP Address
- Location
- XML SiteMap
- Speed Score
- SSL Http Check
- Structured Data
- Technologies
- Encoding
- Text/HTML ratio
- thumbnail
- Title
- Twitter recent backlinks
- Twitter Page
- URL
- url-protocol
- URL Underscore
- WWW resolve