Skip to content
This repository has been archived by the owner on Nov 4, 2024. It is now read-only.

Absence of scripts or cookies should not be worth fewer points than secure cookies/scripts #449

Open
Seirdy opened this issue Aug 1, 2021 · 0 comments · May be fixed by #478
Open

Absence of scripts or cookies should not be worth fewer points than secure cookies/scripts #449

Seirdy opened this issue Aug 1, 2021 · 0 comments · May be fixed by #478

Comments

@Seirdy
Copy link

Seirdy commented Aug 1, 2021

Currently, the HTTP Observatory grants an extra 5 points for secure cookies and 5 for scripts with SRI; it grants +0 if a site has no cookies and +0 for sites without any scripts.

Secure cookies and scripts aren't as secure as an absence of cookies and scripts, so it doesn't make sense to give sites with these features a higher score than cookieless/scriptless sites. Rewarding cookieless/scriptless sites at least as much could help push the idea that cookies and scripts shouldn't be used unnecessarily.
KamilaBorowska added a commit to KamilaBorowska/http-observatory that referenced this issue May 18, 2022
@KamilaBorowska
Give points for not having cookies
65ffe6d 
HTTP Observatory shouldn't encourage web developers to add cookies
to their website simply to get more points. Fixes mozilla#449.
@KamilaBorowska KamilaBorowska linked a pull request May 18, 2022 that will close this issue
Open
Seirdy added a commit to Seirdy/http-observatory that referenced this issue Sep 20, 2022
@Seirdy
Give points for not having scripts
32826ef 
HTTP Observatory shouldn't encourage web developers to add scripts to
their website simply to get more points. Fixes mozilla#449
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Give points for not having cookies KamilaBorowska/http-observatory
1 participant
@Seirdy