- Mozilla: https://observatory.mozilla.org/
- トレンドマイクロ: https://global.sitesafety.trendmicro.com/?cc=jp
- Google: https://www.virustotal.com/gui/home/upload
問題:
- : Cookie No HttpOnly Flag [10010]
- : Re-examine Cache-control Directives [10015]
- : Cross-Domain JavaScript Source File Inclusion [10017]
- : Missing Anti-clickjacking Header [10020]
- : X-Content-Type-Options Header Missing [10021]
- : Information Disclosure - Suspicious Comments [10027]
- : Cookie Poisoning [10029]
- : User Controllable HTML Element Attribute (Potential XSS) [10031]
- : Strict-Transport-Security Header Not Set [10035]
- : Content Security Policy (CSP) Header Not Set [10038]
- : Secure Pages Include Mixed Content [10040]
- : Storable and Cacheable Content [10049]
- : Cookie without SameSite Attribute [10054]
- : Permissions Policy Header Not Set [10063]
- : Timestamp Disclosure - Unix [10096]
- : Modern Web Application [10109] (対応しなくてもよい)
- : Dangerous JS Functions [10110]
- : Session Management Response Identified [10112]
- : Absence of Anti-CSRF Tokens [10202]
- : Sub Resource Integrity Attribute Missing [90003]
- : Charset Mismatch [90011]