This is a free (libre) browser extension. It should work on Chrome, Firefox, and Opera. When you ask it to, it searches a website for its security.txt file and shows it to you in a pretty-ish way.
When you click on its icon, it'll check `/.well-known/security.txt`. If that doesn't give a good status code, it'll then check `security.txt`.
Once it's done that, it checks whether the origin changed. This would happen if the `security.txt` file redirected. If it has, it gives you a big warning.
Then, it lists each directive, together with its associated comments, and expands only the `Contact:` directive. It looks like this:
The error is there because the protocol changed from `http` to `https`, and this is considered a new origin.
- Firefox? Install it from Firefox Add-ons
- Chrome? The Chrome Web Store requires you to be 18+ (which I'm not) and pay $5.00 in order to upload an extension. Instead, search "Load unpacked extension Chrome" in your favourite browser, and follow the instructions to take the source code in this repository and place it on Chrome.
- Opera? Coming soon, but for now, search "Load unpacked extension" in your favourite browser, and follow the instructions to take the source code in this repository and place it in Opera.
Same origin policy means it needs access to make requests. This is because the little popout is in a separate origin to the page you're currently viewing.
It will show you just the raw text if it finds an invalid line.
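As an added example (not the extension's own code), the origin check, the grouping of comments with directives, and the raw-text fallback described above could look like this. The function names, the rule that a blank line detaches preceding comments, and the sample file are assumptions.

```javascript
// Added example, not the extension's source. All names are hypothetical.

// True when the final response URL is on a different origin than the page
// (scheme, host or port differ), e.g. after an http -> https redirect.
function originChanged(pageUrl, finalUrl) {
  return new URL(pageUrl).origin !== new URL(finalUrl).origin;
}

// Parse security.txt text into [{ name, value, comments }].
// "#" lines attach to the next directive; a blank line drops them (assumption).
// Returns null on the first line that is not blank, a comment or "Name: value".
function parseSecurityTxt(text) {
  const directives = [];
  let pending = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "") { pending = []; continue; }
    if (line.startsWith("#")) { pending.push(line.slice(1).trim()); continue; }
    const m = /^([A-Za-z0-9-]+):\s*(.*)$/.exec(line);
    if (!m || m[2] === "") return null;
    directives.push({ name: m[1], value: m[2], comments: pending });
    pending = [];
  }
  return directives;
}

// Decide what the popup shows: a warning flag, parsed directives, or raw text.
function inspect(pageUrl, finalUrl, body) {
  const directives = parseSecurityTxt(body);
  return {
    warnOriginChanged: originChanged(pageUrl, finalUrl),
    directives,                               // null when a line was invalid
    raw: directives === null ? body : null,   // values are untrusted text
  };
}

// Constructed sample file, not taken from a real site.
const SAMPLE = [
  "# Preferred channel",
  "Contact: mailto:security@example.com",
  "",
  "# Reviewed yearly",
  "Expires: 2030-01-01T00:00:00Z",
].join("\n");

console.log(inspect("http://example.com/",
  "https://example.com/.well-known/security.txt", SAMPLE));
```
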
Email me at jokebookyeye [ at symbol ] gmail [dot] com.
`javascript:` schemes in `Contact` fields are not vulnerabilities, so long as they open in a new tab. If you disagree, or are unsure, feel free to get in touch!