mozilla / http-observatory-cli

The command line tool for the HTTP Observatory
Mozilla Public License 2.0

no need to give score for failing grade #1

Closed freddyb closed 8 years ago

freddyb commented 8 years ago

STR for Ubuntu 14.04.4 LTS using Python 2.7.6:

1) virtualenv foo
2) source foo/bin/activate
3) pip install httpobs-cli
4) httpobs-cli <something that redirects to https, e.g., 0e.vc>

  InsecurePlatformWarning
/home/freddy/opt/httpobs-cli/venv/local/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
Results are cached from 2h0m30s ago; use -r to rescan.

Score: 0 [F]
Modifiers:
    [  -5] X-Content-Type-Options header not implemented
    [ -10] X-XSS-Protection header not implemented
    [ -20] Does not redirect to an https site
    [ -20] HTTP Strict Transport Security (HSTS) header not implemented
    [ -20] X-Frame-Options (XFO) header not implemented
    [ -25] Content Security Policy (CSP) header not implemented

april commented 8 years ago

You can still have a failing grade (<20) while still having a positive score. I'll likely adjust how the scoring works in the future, but for now I think I'm going to display them both.