Issues
- 5
HSTS preloaded, no extra points added
#230 opened by janpluta - 2
No +5 for HSTS when preloaded
#292 opened by doffiz - 3
Alter scoring for X-XSS-Protection or remove
#254 opened by roycewilliams - 1
- 1
- 2
- 7
This site returned an HTTP status code other than 200 (OK), which may cause its results to be inaccurate.
#265 opened by demogit-code - 6
TLS Observatory reports "untrusted or invalid certificate" if the cert chain contains the expired "DST Root CA X3" cert cross-signing the "ISRG Root X1" cert for Let's Encrypt
#291 opened by JulienPalard - 7
scan results are not displayed
#279 opened by FGAGwendalG - 1
Add a LICENSE file
#294 opened by danielnazer - 0
Observatory could tell (and attribute points?) to servers implementing HTTP/2, HTTP/3
#293 opened by JulienPalard - 0
Bad score should not be assigned to sites claiming http://127.0.0.1 in their Content-Security-Policy header
#289 opened by Idopte - 4
frame-ancestors not recognized with default-src 'none'
#266 opened by arigon - 1
SSH Observatory (rubidus.com) is gone
#280 opened by dougwaldron - 4
Characters deleted out of URL field
#274 opened by planeflyer1000 - 3
Sites behind CloudFlare Bot protection can't be scanned
#269 opened by ybh10 - 1
Missing LICENSE file
#282 opened by TechnologyClassroom - 4
bug with processing CSP
#284 opened by mrl5 - 2
"header cannot be recognized" when duplicated
#262 opened by Virsacer - 0
Trailing Slash Breaks Layout
#272 opened by justinferrell - 1
FAQ links to non-existent site (htbridge.com/ssl)
#273 opened by dougwaldron - 5
Let's encrypt ECDSA certificate always gives untrusted or invalid certificate error.
#263 opened by nakoo - 2
TLS Observatory not opening: CSP script-src issue?
#255 opened by ankon - 1
Scan does not run
#270 opened by rugk - 0
Recognize http code 308
#264 opened by xuchenCN - 2
Not detecting framce-ancestors and form-action
#261 opened by Macleykun - 3
SRI check on WP, HSTS site
#259 opened by churchthecat - 4
add support to observer urls with path
#219 opened by 532910 - 0
- 1
Some sites are jumping between grades daily
#243 opened by nukeador - 1
WAF as a Compensating Control?
#246 opened by MClearnsNow - 0
TLS Observatory hangs whenever TLS 1.3 is enabled (including the recommended "Modern" config)
#244 opened by weinzierl - 1
Improve navbar
#241 opened by himanshu007-creator - 0
Incorrect CSP analysis of `eval()`
#240 opened by shaialon - 7
bug: Fail on TLS 1.3-only
#238 opened by annainfo - 1
Decomission the SSH Tab
#234 opened by claudijd - 1
SRI failed because of external script
#225 opened by d0xx0b - 2
- 7
The the page for forum.vodafone.ro is stuck?
#226 opened by Caspy7 - 5
HTTP Observatory stuck on loading results
#214 opened by ChrisF999 - 4
wrong Complete Results hstspreload.org link
#222 opened by 532910 - 2
Observatory accessible via unsecure domain
#224 opened by nusa-gr1 - 1
Multiple X-Content-Type-Options headers not recognised
#223 opened by rgrey - 4
wrong HSTS max-age shown
#221 opened by 532910 - 28
SSH Scan Failed for ed25519-only servers
#220 opened by 532910 - 5
Possible scoring issue on Mozilla Observatory
#215 opened by mktl73 - 0
- 2
Observatory claims CSP cannot be parsed.
#211 opened by ayesaac - 2
Observatory stucks at LOADING RESULTS
#209 opened by speciale - 3
Observatory may show incorrect HSTS information
#210 opened by jiggyfiz