- Checks site features via header and body heuristics
- Checks Security using SSL Labs API
- Checks performance using Browsertime
- Writes results to Google Docs (setup required)
- Added independent script (fancycert.php) to analyze TLS certs for EV, wildcard or SAN status.
- Make sure you have openssl > 1.0 installed.
- Add domains or IPs with TLS certs to be tested to list.txt. One host per line, please.
- Execute fancycert.php
php fancycert.php- Install PHP (I use homebrew and 5.6, anything should work)
- Install Composer
- Install Node.js
- Install Browsertime
npm install -g browsertime- Clone this repo.
- Install Dependencies (Google Docs Client)
composer install- Get the google credentials file from a yet to be determined source.
- Run the script.
php cli.php https://samplesite.comFeature checks may be added to the JSON files.
The JSON format for header checks is as follows:
"Drupal": {
"x-generator": "Drupal",
"x-drupal-cache": ""
}- If you only need to check for the existence of the header key then leave the value blank
- If you need to check both header and value, the script will check for the the entire header value for the regex (without leading and trailing slashes) that you put in the value
"Google Tag Manager": [
"googletagmanager.com",
"googletagservices.com"
]The script will check for the string(s) in the entire HTML body. Try to be as explicit as possible
SSL Labs PHP library via Björn Roland
The letter grade that is assigned by SSL Labs is a pretty involved formula
- If your site is susceptible to any known HTTPS attacks, weak ciphers or vulnerabilities, it is capped at a B but most likely will score lower.
- An A+ is achievable on Pantheon using our free HTTPS service AND setting up HSTS.
- An A is the default score for Pantheon sites using the free HTTPS service.
Performance Checks are done using browsertime. This must be installed locally using npm.
npm install -g browsertimeThe time it takes the server to get the first byte back to the browser
The time it takes for the user sees something happening in the browser
The time it takes for the entire page (HTML, CSS, JS) to be completely loaded in the browser.
The time it takes for the page to be completely rendered in the browser.
Here's a very long deck that explains Real User Monitoring (RUM) Speed Index
We use a real browser to calculate your speed index. It's based on what your browser times the page as visually complete as. Scores under 3000 are good.
- Stop using separate JSON files
- So much error checking
- Webify
- Figure out how to multithread browsertime without it nerfing