Metadata-Version: 1.1
Name: httpobs-cli
Version: 1.0.2
Summary: HTTP Observatory: a command line tool to scan your website
Home-page: https://github.com/mozilla/http-observatory-cli
Author: April King
Author-email: april@mozilla.com
License: MPL 2.0
Download-URL: https://github.com/mozilla/http-observatory-cli/httpobs-cli/tarball/1.0.2
Description: Mozilla HTTP Observatory :: Command Line Utility
        ================================================
        
        This repository is for the HTTP Observatory command line utility. If
        you're looking for the code for the HTTP Observatory itself, it can be
        found `here <https://github.com/mozilla/http-observatory>`__.
        
        Getting started with the HTTP Observatory
        -----------------------------------------
        
        First, install the client:
        
        .. code:: bash
        
            $ pip install httpobs-cli
        
        And then scan websites to your heart's content, using our hosted
        service:
        
        ::
        
            $ httpobs www.mozilla.org
            Score: 30 [E]
            Modifiers:
                [  -5] Initial redirection from http to https is to a different host, preventing HSTS
                [  -5] Subresource Integrity (SRI) not implemented, but all external scripts are loaded over https
                [  -5] X-Content-Type-Options header not implemented
                [ -10] X-XSS-Protection header not implemented
                [ -20] HTTP Strict Transport Security (HSTS) header not implemented
                [ -25] Content Security Policy (CSP) header not implemented
        
            $ httpobs www.google.com
            Score: 35 [D-]
            Modifiers:
                [  +5] Preloaded via the HTTP Public Key Pinning (HPKP) preloading process
                [  -5] X-Content-Type-Options header not implemented
                [ -20] Cookies set without using the Secure flag or set over http
                [ -20] HTTP Strict Transport Security (HSTS) header not implemented
                [ -25] Content Security Policy (CSP) header not implemented
        
            $ httpobs --zero github.com
            Score: 120 [A+]
            Modifiers:
                [  +5] HTTP Public Key Pinning (HPKP) header set to a minimum of 15 days (1296000)
                [  +5] Preloaded via the HTTP Strict Transport Security (HSTS) preloading process
                [  +5] Subresource Integrity (SRI) is implemented and all scripts are loaded from a similar origin
                [  +5] X-Frame-Options (XFO) implemented via the CSP frame-ancestors directive
                [   0] All cookies use the Secure flag and all session cookies use the HttpOnly flag
                [   0] Content Security Policy (CSP) implemented with 'unsafe-inline' inside style-src
                [   0] Content is not visible via cross-origin resource sharing (CORS) files or headers
                [   0] Contribute.json isn't required on websites that don't belong to Mozilla
                [   0] Initial redirection is to https on same host, final destination is https
                [   0] X-Content-Type-Options header set to "nosniff"
                [   0] X-XSS-Protection header set to "1; mode=block"
        
        If you want additional options, such as to see the raw scan output, use
        ``httpobs --help``:
        
        ::
        
            $ httpobs --help
            usage: httpobs [options] host
        
            positional arguments:
              host           hostname of the website to scan
        
            optional arguments:
              -h, --help     show this help message and exit
              -d, --debug    output only raw JSON from scan and tests
              -r, --rescan   initiate a rescan instead of showing recent scan results
              -v, --verbose  display progress indicator
              -x, --hidden   don't list scan in the recent scan results
              -z, --zero     show test results that don't affect the final score
        
        Authors
        -------
        
        -  April King
        
        License
        -------
        
        -  Mozilla Public License Version 2.0
        
Platform: UNKNOWN
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)
Classifier: Natural Language :: English
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Classifier: Topic :: Internet :: WWW/HTTP :: HTTP Servers
