A JSON object that reports the results of the website's HTTP security checks, such as cookies, XSS protection and so on. If the website's HTTP security could not be checked, null is returned.
{
"tests_quantity":11.0,
"x-frame-options":{
"expectation":"x-frame-options-sameorigin-or-deny",
"name":"x-frame-options",
"output":{
"data":"deny"
},
"pass":true,
"result":"x-frame-options-sameorigin-or-deny",
"score_description":"X-Frame-Options (XFO) header set to SAMEORIGIN or DENY",
"score_modifier":0.0,
"id":10
},
"contribute":{
"expectation":"contribute-json-only-required-on-mozilla-properties",
"name":"contribute",
"output":{
},
"pass":true,
"result":"contribute-json-only-required-on-mozilla-properties",
"score_description":"Contribute.json isn\u0027t required on websites that don\u0027t belong to Mozilla",
"score_modifier":0.0,
"id":2
},
"cross-origin-resource-sharing":{
"expectation":"cross-origin-resource-sharing-not-implemented",
"name":"cross-origin-resource-sharing",
"output":{
"data":{
}
},
"pass":true,
"result":"cross-origin-resource-sharing-not-implemented",
"score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers",
"score_modifier":0.0,
"id":4
},
"cookies":{
"expectation":"cookies-secure-with-httponly-sessions",
"name":"cookies",
"output":{
"data":{
"MSPOK":{
"domain":".login.live.com",
"httponly":true,
"path":"/",
"secure":""
},
"MSPRequ":{
"domain":"login.live.com",
"httponly":true,
"path":"/",
"secure":""
},
"uaid":{
"domain":".login.live.com",
"httponly":true,
"path":"/",
"secure":""
}
}
},
"pass":false,
"result":"cookies-without-secure-flag-but-protected-by-hsts",
"score_description":"Cookies set without using the Secure flag, but transmission over HTTP prevented by HSTS",
"score_modifier":-5.0,
"id":3
},
"strict-transport-security":{
"expectation":"hsts-implemented-max-age-at-least-six-months",
"name":"strict-transport-security",
"output":{
"data":"max-age\u003d31536000",
"includeSubDomains":false,
"max-age":3.1536E7,
"preload":false,
"preloaded":false
},
"pass":true,
"result":"hsts-implemented-max-age-at-least-six-months",
"score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)",
"score_modifier":0.0,
"id":7
},
"score":60.0,
"tests_passed":7.0,
"content-security-policy":{
"expectation":"csp-implemented-with-no-unsafe",
"name":"content-security-policy",
"output":{
},
"pass":false,
"result":"csp-not-implemented",
"score_description":"Content Security Policy (CSP) header not implemented",
"score_modifier":-25.0,
"id":1
},
"x-content-type-options":{
"expectation":"x-content-type-options-nosniff",
"name":"x-content-type-options",
"output":{
"data":"nosniff"
},
"pass":true,
"result":"x-content-type-options-nosniff",
"score_description":"X-Content-Type-Options header set to \"nosniff\"",
"score_modifier":0.0,
"id":9
},
"x-xss-protection":{
"expectation":"x-xss-protection-1-mode-block",
"name":"x-xss-protection",
"output":{
"data":"1; mode\u003dblock"
},
"pass":true,
"result":"x-xss-protection-enabled-mode-block",
"score_description":"X-XSS-Protection header set to \"1; mode\u003dblock\"",
"score_modifier":0.0,
"id":11
},
"subresource-integrity":{
"expectation":"sri-implemented-and-external-scripts-loaded-securely",
"name":"subresource-integrity",
"output":{
"data":{
"https://auth.gfx.ms/16.000.26657.00/DefaultLoginStrings.EN.js":{
},
"https://auth.gfx.ms/16.000.26657.00/DefaultLogin_Core.js":{
}
}
},
"pass":false,
"result":"sri-not-implemented-but-external-scripts-loaded-securely",
"score_description":"Subresource Integrity (SRI) not implemented, but all external scripts are loaded over https",
"score_modifier":-5.0,
"id":8
},
"grade":"C+",
"public-key-pinning":{
"expectation":"hpkp-not-implemented",
"name":"public-key-pinning",
"output":{
"includeSubDomains":false,
"preloaded":false
},
"pass":true,
"result":"hpkp-not-implemented",
"score_description":"HTTP Public Key Pinning (HPKP) header not implemented",
"score_modifier":0.0,
"id":5
},
"state":"FINISHED",
"tests_failed":4.0,
"redirection":{
"expectation":"redirection-to-https",
"name":"redirection",
"output":{
"destination":"https://login.live.com/login.srf?wa\u003dwsignin1.0\u0026rpsnv\u003d13\u0026ct\u003d1477620955\u0026rver\u003d6.4.6456.0\u0026wp\u003dMBI_SSL_SHARED\u0026wreply\u003dhttps:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox\u0026lc\u003d1033\u0026id\u003d64855\u0026mkt\u003den-US\u0026cbcxt\u003dmai",
"redirects":true,
"route":[
"http://www.hotmail.com/",
"https://mail.live.com/default.aspx",
"https://login.live.com/login.srf?wa\u003dwsignin1.0\u0026rpsnv\u003d13\u0026ct\u003d1477620955\u0026rver\u003d6.4.6456.0\u0026wp\u003dMBI_SSL_SHARED\u0026wreply\u003dhttps:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox\u0026lc\u003d1033\u0026id\u003d64855\u0026mkt\u003den-US\u0026cbcxt\u003dmai"
],
"status_code":302.0
},
"pass":false,
"result":"redirection-off-host-from-http",
"score_description":"Initial redirection from http to https is to a different host, preventing HSTS",
"score_modifier":-5.0,
"id":6
}
}
Key | Type | Description |
---|---|---|
grade | String | Final grade assessed upon a completed scan. |
score | Integer | Final score from the test. |
state | String | The state returned from the security test, can be finished or aborted or failed. |
tests_failed | Integer | Indicating the number of tests which failed. |
tests_passed | Integer | Indicating the number of tests which passed. |
tests_quantity | Integer | Number of tests executed. |
expectation | String | The expectation of what the test needs to return. |
name | String | Current test name. |
output | Object | Artifacts related to the test. |
data | Object | The data found inside each test's content, such as the cache that the website has and the factor being tested. |
???? | Object | Other values under the output key have other keys, which may vary. |
pass | String | Whether the test passed or failed; a test that meets or exceeds the expectation will be marked as passed. In the example above the value appears as a JSON boolean (true or false). |
result | String | Result of the test. |
score_description | String | Short description describing what result means. |
id | Integer | Test ID. |
score_modifier | String | How much the result of the test affected the final score; should range between +5 and -50. In the example above the value appears as a JSON number (for instance -5.0). |