Webseiten-Tests

Allgemeine Sicherheit

Securityheaders.io:
[securityheaders.io/]
Headers:
Content-Security-Policy, Feature-Policy, Referrer-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection;
Comodo WebInspector:
[app.webinspector.com] (Malware)
Hardenizer:
[www.hardenize.com/]
DNS:
Name-Server Configuration, DNSSEC;
SSL:
Redirect to TLS, No redirect to non-TLS, DNS-CAA-Entry (+reporting), Perfect Forward Secrecy, SSL/TLS-versions, Certificates (CT requirements), Links to non-TLS, Mixed Content;
Headers:
Content-Security-Policy (+block-all-mixed-content, upgrade-insecure-requests), Expect-CT, Public-Key-Pins (TLS report-uri), Strict-Transport-Security (preload, subdomains), X-Content-Type-Options, X-Frame-Options, X-XSS-Protection;
Privacy:
Cookies and 3rd Party Cookies;
Etc:
Subresource Integrity;
Mozilla-Observatory:
[observatory.mozilla.org/analyze.html]
SSL:
Redirect to TLS;
Headers:
Redirect to TLS; Access-Control-Allow-Origin, Content-Security-Policy, Public-Key-Pins, Referrer-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection;
Etc:
Cookies, Subresource Integrity;

Privatsphäre

Privacyscore:
[privacyscore.org/site/87021/]
SSL:
Redirect to TLS, No redirect to non-TLS, Perfect Forward Secrecy, SSL/TLS-versions, Mixed Content, Protection agains known attacs;
Headers:
Content-Security-Policy, Public-Key-Pins, Referrer-Policy, Strict-Transport-Security (+duration, +preload), X-Content-Type-Options, X-Frame-Options, X-XSS-Protection;
Privacy:
3rd Party Components, Trackers, Number of Cookies and 3rd Party Cookies, Google Analytics, Country of Webserver and Mailserver (GDPR);
Webkoll:
[webbkoll.dataskydd.net/de/]
SSL:
Redirect to TLS, SSL/TLS-versions, Certificates *(CT requirements), Mixed Content;
Headers:
Content-Security-Policy, *Public-Key-Pins, Referrer-Policy, Strict-Transport-Security (+duration, +preload), X-Content-Type-Options, X-Frame-Options, X-XSS-Protection;
Privacy:
Cookies and 3rd Party Cookies, LocalStorage, Country of Webserver and Mailserver (GDPR);
Etc:
Subresource Integrity;

Verschlüsselung

CryptCheck:
[www.ssllabs.com/ssltest/analyze.html]
SSL:
SSL/TLS-versions, DNS-CAA-Entry;
Header:
Strict-Transport-Security (+duration);
Erzeuge DNS-CAA-Eintrag:
[sslmate.com/caa/]
Zertifikat-Überwachung:
[sslmate.com/dashboard]
HTTPS-Preload (nur für volle Domains verfügbar, nicht für www.*)
[hstspreload.org]

Geschwindigkeit:

Webpagetest.org:
[webpagetest.org]
dotcom-tools.com.org:
[www.dotcom-tools.com/website-speed-test.asp]

Andere Linklisten: