This page lists user-visible changes to Webbkoll. For the time before 2018-11-30 (when this page was added), only a few notable events are listed. For the full history, see the commits on GitHub.


New version of Webbkoll launched, thanks to a small grant from Digital Rights Fund. Changes/additions:

  • Redesigned a bit to hopefully make things a bit more clear and navigable. Better separation between results and general information/advice. Separate boxes for "what is this" and "how do you do this". Hide some things between expandable text boxes. Now works better on mobile.
  • Added Content Security Policy (CSP) analysis, Subresource Integrity (SRI) analysis, and improved X-Content-Type-Options/X-Frame-Options/X-XSS-Protection/HSTS checks. This code was ported from Mozilla's Observatory.
  • More cooke information shown (HttpOnly, Secure, SameSite)
  • localStorage usage shown
  • IP address and country (with flags!) shown for every third-party host
  • Chromium's security state information shown
  • Information/technical advice rewritten (sometimes quoted from MDN)
  • Many references to relevant articles and recitals in the GDPR added
  • Lots of work to make things a bit cleaner internally
  • You can now help translate Webbkoll! We hope to add a few more languages, such as French and German, soon.


  • Switch from PhantomJS to Chromium in the backend, fixing many issues


  • Code published to GitHub


  • Beta version made public