http-observatory VS Jekyll

Here are a few tools you can use: https://www.zaproxy.org/ (Web app scanner) https://www.ssllabs.com/ssltest/analyze.html?d=importer.bilendo.de (SSL server test) https://github.com/santoru/shcheck (Security Header Check) https://observatory.mozilla.org/ (Content Security Policy validator)

Regular Audits: Use tools like Mozilla Observatory or Security Headers to regularly check your headers.

What's better about this vs. Mozilla Observatory.

https://developer.mozilla.org/en-US/observatory (formerly https://observatory.mozilla.org/)

Or Security Headers?

https://securityheaders.com/

Or VENOM?

https://github.com/oshp/oshp-validator

Applaud the effort, these are things that more devs should be aware of when building websites...

Hey some specific feedback on this tool... On mobile, it has a lot of "view port wobble" and the input fields aren't keyed right, it's just using a straight text input field so you don't get any ".com" buttons as you type. Small UX stuff like that annoy me more than if a page has a privacy policy setup correctly. (=

Detectify once made an offer of making free scans which I took them up on. There are plenty of free Content Security Policy (CSP) and other vulnerability checkers around such as Observatory or Pentest. Shields UP!! will identify which ports you have open.

Website Headers Analyzer (Mozilla)

scan our site with Mozilla Observatory and improve our grade by registering a domain name, enabling HTTPS, adding a certificate and setting security headers

First, for session persistence, go with the default Django session with cookie storage. Set your cookie to HTTP only and ensure your application uses the most common HTTP security headers and controls. Test your application with https://observatory.mozilla.org/ to have an idea of what you're missing.

Mozilla Observatory

Jekyll is one of the oldest and most established static site generators. It’s tightly integrated with GitHub Pages, making deployment super easy.

I wanted to automate this boring and repetitive workflow: my idea is that every time a YouTube video is published on my channel I want to have an associated post on my personal Jekyll blog.

The static site generator (SSG) landscape is crowded with feature-rich but increasingly complex solutions. As I looked at and used tools like lume, 11ty, lektor, or jekyll, I found myself drowning in configuration options, plugins, and middleware. What started as a simple desire to convert Markdown content into HTML had evolved into learning complex frameworks with steep learning curves.

Jekyll

If you don't want to use Jekyll as your static site generator for GitHub Pages and you want to have a custom domain for your GitHub Pages. This post is for you!

Jekyll is a static site generator that transforms Markdown files into a fully functional website. Everything is generated into plain HTML, which makes it simple to deploy on platforms like GitHub Pages.

Obviously, there are a dozen choices for generating static websites (efficiently and quickly), from the classic Jekyll to the new Next.js. And you are good to go with any of them as long as your confident with it. I choose 11ty because:

That would be an improvement, but it still wouldn't be equivalent to what you can do with Ruby and Jekyll. For example I do [1] so I don't need to put dates in my post names, which also fixes a bug [2] I encountered but was never fixed.

[1]: https://stackoverflow.com/a/68287682/660921

[2]: https://github.com/jekyll/jekyll/issues/8707