http-observatory VS uBlock

Here are a few tools you can use: https://www.zaproxy.org/ (Web app scanner) https://www.ssllabs.com/ssltest/analyze.html?d=importer.bilendo.de (SSL server test) https://github.com/santoru/shcheck (Security Header Check) https://observatory.mozilla.org/ (Content Security Policy validator)

Regular Audits: Use tools like Mozilla Observatory or Security Headers to regularly check your headers.

What's better about this vs. Mozilla Observatory.

https://developer.mozilla.org/en-US/observatory (formerly https://observatory.mozilla.org/)

Or Security Headers?

https://securityheaders.com/

Or VENOM?

https://github.com/oshp/oshp-validator

Applaud the effort, these are things that more devs should be aware of when building websites...

Hey some specific feedback on this tool... On mobile, it has a lot of "view port wobble" and the input fields aren't keyed right, it's just using a straight text input field so you don't get any ".com" buttons as you type. Small UX stuff like that annoy me more than if a page has a privacy policy setup correctly. (=

Detectify once made an offer of making free scans which I took them up on. There are plenty of free Content Security Policy (CSP) and other vulnerability checkers around such as Observatory or Pentest. Shields UP!! will identify which ports you have open.

Website Headers Analyzer (Mozilla)

scan our site with Mozilla Observatory and improve our grade by registering a domain name, enabling HTTPS, adding a certificate and setting security headers

First, for session persistence, go with the default Django session with cookie storage. Set your cookie to HTTP only and ensure your application uses the most common HTTP security headers and controls. Test your application with https://observatory.mozilla.org/ to have an idea of what you're missing.

Mozilla Observatory

And in case you do need them, it’s a simple keyboard shortcut to load them (= Relax mode).

[1] https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium...

> It most definitely is as well.

No. uBlock Origin works best in Firefox: https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...

uBlock Origin Lite can't do everything uBlock Origin does: https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as...

If Lite is working for you then good. If you want fuller capability then you want uBlock Origin in Firefox.

Where did you get the impression that it's controversial to pay for YT Premium? Most threads I've seen on this topic are composed of roughly half of the comments endorsing YT Premium, while the other half endorse adblocking from a privacy/autonomy perspective similar to the opening paragraph of the uBlock Origin manifesto [1].

What controversy I have seen is these two parties arguing either 1. You shouldn't pay for YT Premium because it enables user-hostile business practices or 2. You shouldn't use ad-block because it's effectively "stealing."

[1] https://github.com/gorhill/uBlock/blob/master/MANIFESTO.md

> No adblocker detected. Consider using an extension like uBlock Origin to save time and bandwidth.

And attention and privacy.

This notice is a great idea.

I might remove the "like" from the notice, since "uBlock Origin" is good, but some are questionable or even outright malware.

BTW, note that the `ublockorigin.com` Web site that is linked to isn't by Raymond Hill, leader of uBlock Origin. It looks well-intended, and is nicely polished UX, but good practice would be to be careful (since it doesn't appear to be under Hill's control, and is an additional point of potential compromise in what would be very valuable malware). Hill seems to operate from <https://github.com/gorhill/uBlock>. One link that isn't too bad to view <https://github.com/gorhill/uBlock/blob/master/README.md>. Another that isn't great but OK is <https://github.com/gorhill/uBlock/wiki>.

uMatrix can be (somewhat) replicated by setting up uBlock Origin with multiple modes and using the "Relax Blocking Mode" hockey.

So for instance you can start with an extremely restrictive mode like noJS/3rd-party/images, then with each press of the hoykey it relaxes to noJS/3rd-party, then noJS/embeds, then no embeds, then regular access (ie like uBO comes configured out-of-the-box).

https://github.com/gorilla/ublock/wiki/Keyboard-shortcuts

https://github.com/gorhill/uBlock/wiki/Advanced-settings#blo...

https://github.com/gorhill/uBlock/wiki/Blocking-mode

uMatrix is archived and I think uBlockOrigin is now advised to use(which incorporate uMatrix by enabling advanced settings)

For those who want to try blocking more stuff you can enable hard mode and bind relax blocking mode keyboard shortcut

I'd recommend also enabling filter lists(I advice yokoffing/filterlists and your region/language)

https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-m...

It was a fork. I'm not sure what you mean exactly by "unofficial". Gorhill said at the time that he didn't have time to maintain a Safari version, but he was aware of the fork, which mostly shared code with upstream, and seemingly endorsed the fork.

https://github.com/gorhill/uBlock/wiki/About-Safari-and-Cana...