pev2 VS http-observatory

This runs in about 250ms. Let's have a look at the explain plan to understand it better. To visualise it, I am using the excellent visualisation tool from Dalibo.

The PEV2 is open source and give you a good visualization. I never used this pgmustard to compare.

https://explain.dalibo.com/

Visualize Your Plan: Visit explain.dalibo.com and paste the generated plan text and query. Then, hit Submit. The tool will generate a visualization of your query plan. Here's an example of the visualization for the fifth attempt version of the query from this post. It shows the different types of scans that were used and how the data gets combined. The duration of each operation is also shown:

You can download the whole analyzer as a simple html file and use it this way. No need to obfuscate or sanitize anything at all.

https://github.com/dalibo/pev2

You might be interested in sites like https://explain.dalibo.com/ which make the output a bit nicer to read. I use these quite often to quickly identify bottlenecks.

PostgreSQL Query Plan Analyzer and Visualizer

I didn’t know about pev2, interesting, checking it now. Did you integrate the component yourself or are you using this hosted page by them: https://explain.dalibo.com/?

IMO it‘s important to get started with indexing. Grab your most frequently used queries and run an EXPLAIN ANALYZE to identify the problems. This tool might help you to understand your execution plans. Once you identified your problems, you can build indexes and check again. Then you should regularly check if your indexes are used.

Detectify once made an offer of making free scans which I took them up on. There are plenty of free Content Security Policy (CSP) and other vulnerability checkers around such as Observatory or Pentest. Shields UP!! will identify which ports you have open.

Website Headers Analyzer (Mozilla)

scan our site with Mozilla Observatory and improve our grade by registering a domain name, enabling HTTPS, adding a certificate and setting security headers

First, for session persistence, go with the default Django session with cookie storage. Set your cookie to HTTP only and ensure your application uses the most common HTTP security headers and controls. Test your application with https://observatory.mozilla.org/ to have an idea of what you're missing.

Mozilla Observatory

See https://observatory.mozilla.org and https://github.com/styled-components/styled-components/issues/2363 and https://content-security-policy.com/examples/allow-inline-style/

Rank your site on https://observatory.mozilla.org/ and it will give you some suggestions.