Webbkoll no longer recommends setting the X-Frame-Options header. It is obsoleted by the Content Security Policy directive frame-ancestors, which should be used instead. Thanks Rohan Kumar.
Webbkoll no longer recommends enabling X-XSS-Protection. Read more about it.
Webbkoll now checks whether reports are sent to third parties with Content Security Policy's report-uri / report-to, Expect-CT's report-uri, and NEL's report-to. Thanks InfoSec Handbook for the suggestion and comments.
Thanks to Tom Fredrik Blenning - Elektronisk Forpost Norge, Webbkoll is now available in Norwegian!
We could not find any website that 1) had the consolidated version (i.e., with corrections incorporated) of the GDPR including the recitals, 2) provided it in all 24 EU languages, and 3) made it easy to link to individual articles/recitals. So we hacked together one ourselves: https://gdpr.dataskydd.net/. It's now used for the GDPR references on the Results page.
EUR-Lex does provide a consolidated GDPR, but it doesn't include the recitals (which also received corrections!). Additionally, they don't make it easy to link to individual articles, unless you dig for IDs in the HTML source. So we took the XML versions of the consolidated GDPR, added the recitals, and manually applied the corrections to the recitals. All XML files and everything used to generate our GDPR site are available on GitHub (beware: lots of ugly XSLT). Please report any mistakes.
Thanks to Tomas Jakobs, Webbkoll is now available in German!
New version of Webbkoll launched, thanks to a small grant from Digital Rights Fund. Changes/additions:
- Redesigned a bit to hopefully make things clearer and more navigable. Better separation between results and general information/advice. Separate boxes for "what is this" and "how do you do this". Hide some things behind expandable text boxes. Now works better on mobile.
- Added Content Security Policy (CSP) analysis, Subresource Integrity (SRI) analysis, and improved X-Content-Type-Options/X-Frame-Options/X-XSS-Protection/HSTS checks. This code was ported from Mozilla's Observatory.
- More cookie information shown (HttpOnly, Secure, SameSite)
- localStorage usage shown
- IP address and country (with flags!) shown for every third-party host
- Chromium's security state information shown
- Information/technical advice rewritten (sometimes quoted from MDN)
- Many references to relevant articles and recitals in the GDPR added
- Lots of work to make things a bit cleaner internally
- You can now help translate Webbkoll! We hope to add a few more languages, such as French and German, soon.