WebSite Checkup



 

How can I check if my website has passed some important tests?

This information is presented in the WebSite Checkup section, where you can see the results of the following tests:

  • SSL Certificate – checks for the presence of a Secure Sockets Layer (SSL) certificate on a website. Information sent over the Internet is passed from the user’s computer to the destination server. Any computer between the user and the server can capture usernames, passwords and other important details such as credit card numbers. With an SSL certificate, all information, including sensitive data, is encrypted in transit.

  • Valid certificate – checks the validity of an SSL certificate (if present).

  • Server signature test – checks whether your server returns its own version. If it does, the check is considered not passed. A server signature is the public identity of a web server. It contains sensitive information that could be used to exploit a vulnerability. Turn your server signature OFF to avoid disclosing which software versions you are running.

  • Have robots.txt – checks the presence of a robots.txt file on a website. Robots.txt is a standard that websites use to communicate with crawlers and robots. It informs the robot about which areas of the website it should or should not process or scan.

  • Have sitemap.xml – checks the presence of a sitemap.xml file on a website. A sitemap lists the pages of a website that are accessible to crawlers or users.

  • IP canonicalization test – normally, a server’s IP address should forward to the website’s domain via a 301 redirect. If a different response code is returned, the test is considered not passed.

  • Trash page test – checks whether non-existent URLs return a 404 response code. If they don’t, the check is considered not passed.

  • Directory browsing test – checks whether the contents of a website’s directories can be viewed from a browser. If they can, the check is considered not passed.
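
The four HTTP-level tests in the list above reduce to simple rules on the response status, headers and body. The following is an added example, not RankActive's code, that applies those rules to constructed responses for the placeholder domain example.com; the function names, the probe names and the "Index of /" listing heuristic are assumptions.

```python
import re
from urllib.parse import urlsplit

def server_signature_ok(headers):
    """Pass when the Server header carries no version ("Apache", not "Apache/2.4.41")."""
    return not re.search(r"/\d|\d+\.\d+", headers.get("Server", ""))

def trash_page_ok(status):
    """Pass only on a real 404; a 200 with "not found" text is a soft 404."""
    return status == 404

def ip_canonical_ok(status, headers, domain):
    """Pass when a request to the bare IP gets a 301 whose Location is the domain."""
    host = urlsplit(headers.get("Location", "")).hostname or ""
    return status == 301 and host in (domain, "www." + domain)

def directory_browsing_ok(status, body):
    """Fail when a folder URL returns an auto-generated listing.
    Assumption: a listing is recognised by the "Index of /" page title."""
    return not (status == 200 and re.search(r"<title>\s*Index of /", body, re.I))

def checkup(responses, domain):
    """responses maps a probe name to (status, headers, body); True means passed."""
    home, trash, by_ip, folder = (responses[k] for k in ("home", "trash", "by_ip", "dir"))
    return {
        "server_signature": server_signature_ok(home[1]),
        "trash_page": trash_page_ok(trash[0]),
        "ip_canonicalization": ip_canonical_ok(by_ip[0], by_ip[1], domain),
        "directory_browsing": directory_browsing_ok(folder[0], folder[2]),
    }

# Constructed responses (not captured from a real site).
MISCONFIGURED = {
    "home": (200, {"Server": "Apache/2.4.41 (Ubuntu)"}, "<html>Welcome</html>"),
    "trash": (200, {}, "<h1>404 - page not found</h1>"),  # soft 404
    "by_ip": (200, {}, "<html>Welcome</html>"),           # IP serves the site itself
    "dir": (200, {}, "<title>Index of /images</title>"),
}
HARDENED = {
    "home": (200, {"Server": "Apache"}, "<html>Welcome</html>"),
    "trash": (404, {}, "<h1>404 - page not found</h1>"),
    "by_ip": (301, {"Location": "https://www.example.com/"}, ""),
    "dir": (403, {}, "<h1>Forbidden</h1>"),
}

if __name__ == "__main__":
    for name, sample in (("misconfigured", MISCONFIGURED), ("hardened", HARDENED)):
        print(name, checkup(sample, "example.com"))
```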

 

What should I do if my website hasn’t passed some test?

It depends on what kind of test it is. If you see a red cross next to a test name, hover your mouse over the icon to read detailed information about the required further actions.

  • SSL Certificate. These certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, a certificate activates the padlock and the https protocol (over port 443) and allows secure connections from a web server to a browser. Click the loupe icon for details.


  • Valid certificate. Check if your SSL certificate is valid. It must be valid; otherwise, search engines and browsers may consider your site unsafe. This test checks that your SSL certificate is correctly installed, valid and trusted, and doesn’t give errors to any of your users.

  • Server signature test. Check if your server’s signature is turned ON. A server signature is the public identity of your web server and contains sensitive information that could be used to exploit any known vulnerability, so it is considered good practice to turn it OFF if you don’t want to disclose what software versions you are running.

  • Have robots.txt. Check if your website uses a robots.txt file. Search engines send out tiny programs called spiders or robots to search your site and bring information back so that your pages can be indexed in the search results and found by web users. If there are files and directories you do not want to be indexed by search engines, you can use the “robots.txt” file to define where the robots should not go. These files are very simple text files that are placed in the root folder of your website: www.yourwebsite.com/robots.txt

  • Have sitemap.xml. This test checks if your website uses a “sitemap” file: sitemap.xml, sitemap.xml.gz or sitemapindex.xml. Sitemaps help webmasters inform search engines about the pages of their sites that are available for crawling. In its simplest form, a sitemap is an XML file that lists URLs for a site along with additional metadata about each URL (when it was last updated, how often it usually changes, and how important it is relative to other URLs in the site) so that search engines can crawl the site more intelligently.

  • IP canonicalization test. Test your site for potential IP canonicalization issues. Canonicalization describes how a site can use slightly different URLs for the same page (for example, if your site’s IP address and domain name display the same page but do not resolve to the same URL). If this happens, search engines cannot be sure which URL should be indexed.

  • Trash page test. Check if a nonexistent page on your website returns an HTTP status code 404. This occurs any time a server can’t find a page matching the request. Webmasters often display a 404 error text while the response code is still 200. In this case, search engine crawlers are told that the page has been rendered correctly, and the page gets erroneously indexed.

  • Directory browsing test. Check if your website allows directory browsing. If directory browsing is disabled, visitors will not be able to browse a directory by accessing it directly (if there is no index.html file). This protects your files from being exposed to the public. The Apache web server allows directory browsing by default. Disabling directory browsing is generally a good idea from a security standpoint.


Last updated by rankactive