Mozilla Observatory

Mozilla HTTP Observatory is an open-source website security scanner that performs automated compliance assessments of HTTP security configurations by analyzing security headers, TLS settings, content security policies, cookie security, and other critical security best practices to identify vulnerabilities including cross-site scripting (XSS), man-in-the-middle attacks, and cross-domain information leakage. The platform provides detailed, graded security reports with scores ranging from F to A+, actionable remediation guidance linked to comprehensive documentation, and a public API that enables integration into CI/CD pipelines and security workflows, helping developers and system administrators strengthen their web application security posture against common threats.