Browse & Analyze

Browse recent website audits and performance trends

Explore technology stacks detected across the web

Side-by-side technology comparisons and market share

Curated technology stacks and the sites that use them

Editorial deep-dives on the state of web performance

Browse and download favicons from analyzed websites

Learn

Common questions about BeaverCheck scores and checks

How we calculate scores across 100+ checks

The story behind BeaverCheck and the team

Practical guides to fix common web performance issues

Migration Guides

Step-by-step guides for moving between web technologies

Definitions for performance, SEO, and web platform terms

Contrast Checker

Check WCAG color contrast ratios between any two colors

Inspect HTTP response headers for any URL

Analyze SSL/TLS certificate details and chain

Look up DNS records for any domain

Redirect Checker

Trace the full redirect chain for any URL

Real-user INP and Core Web Vitals from Google's Chrome UX Report.

RESTful API for programmatic website audits

Embed an auto-updating health score badge on your site

https://modsecurity.org

Content

· 5 checks — Internal links, mixed-content guards, Open Graph previews, and structured data rolled into one auditable list.

SCORE

68

GRADE

D

FIX

1

REVIEW

2

PASS

2

INFO

0

Checks

5

2 PASS 2 REVIEW 1 FIX

F

Mixed Content

Action

13 HTTP resource(s) loaded on HTTPS page

FIX

13 HTTP resource(s) loaded on HTTPS page

HTTP link loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/fonts/nunito-v25-latin-regular.woff2 Expected: https://modsecurity.org/fonts/nunito-v25-latin-regular.woff2

HTTP link loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/fonts/oswald-v49-latin-700.woff2 Expected: https://modsecurity.org/fonts/oswald-v49-latin-700.woff2

HTTP link loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/fonts/nunito-v25-latin-700.woff2 Expected: https://modsecurity.org/fonts/nunito-v25-latin-700.woff2

HTTP link loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/fonts/nunito-v25-latin-800.woff2 Expected: https://modsecurity.org/fonts/nunito-v25-latin-800.woff2

HTTP link loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/favicon.ico Expected: https://modsecurity.org/favicon.ico

HTTP link loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/favicon.svg Expected: https://modsecurity.org/favicon.svg

HTTP link loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/apple-touch-icon.png Expected: https://modsecurity.org/apple-touch-icon.png

HTTP link loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/favicon-32x32.png Expected: https://modsecurity.org/favicon-32x32.png

HTTP link loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/index.xml Expected: https://modsecurity.org/index.xml

HTTP img loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/images/logo/horizontal.png Expected: https://modsecurity.org/images/logo/horizontal.png

HTTP script loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/js/hoverintent.min.js Expected: https://modsecurity.org/js/hoverintent.min.js

HTTP script loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/js/scripts.min.12be4f9e8cd7fb0a93337b3c49efe7788e7bb4a2b8fe248334502fe8549a78b2.js Expected: https://modsecurity.org/js/scripts.min.12be4f9e8cd7fb0a93337b3c49efe7788e7bb4a2b8fe248334502fe8549a78b2.js

HTTP meta loaded on HTTPS page

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Got: http://modsecurity.org/img/social-share.png Expected: https://modsecurity.org/img/social-share.png

URL: http://modsecurity.org/fonts/nunito-v25-latin-regular.woff2

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/fonts/nunito-v25-latin-regular.woff2

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

URL: http://modsecurity.org/fonts/oswald-v49-latin-700.woff2

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/fonts/oswald-v49-latin-700.woff2

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

URL: http://modsecurity.org/fonts/nunito-v25-latin-700.woff2

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/fonts/nunito-v25-latin-700.woff2

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

URL: http://modsecurity.org/fonts/nunito-v25-latin-800.woff2

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/fonts/nunito-v25-latin-800.woff2

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

URL: http://modsecurity.org/favicon.ico

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/favicon.ico

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

URL: http://modsecurity.org/favicon.svg

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/favicon.svg

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

URL: http://modsecurity.org/apple-touch-icon.png

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/apple-touch-icon.png

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

URL: http://modsecurity.org/favicon-32x32.png

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/favicon-32x32.png

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

URL: http://modsecurity.org/index.xml

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/index.xml

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

URL: http://modsecurity.org/images/logo/horizontal.png

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/images/logo/horizontal.png

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

URL: http://modsecurity.org/js/hoverintent.min.js

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/js/hoverintent.min.js

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

URL: http://modsecurity.org/js/scripts.min.12be4f9e8cd7fb0a93337b3c49efe7788e7bb4a2b8fe248334502fe8549a78b2.js

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/js/scripts.min.12be4f9e8cd7fb0a93337b3c49efe7788e7bb4a2b8fe248334502fe8549a78b2.js

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

URL: http://modsecurity.org/img/social-share.png

Modern browsers block or warn about HTTP resources on HTTPS pages. Change the URL to use HTTPS.

Expected: https://modsecurity.org/img/social-share.png

Why this matters

Mixed content — HTTP resource on HTTPS page. Browser may block silently or warn user.

Source: Google Chrome Security

C

Structured Data

Action

No structured data (JSON-LD) found.

REVIEW

No structured data (JSON-LD) found.

No structured data (JSON-LD) found

Adding structured data helps search engines understand your content and can enable rich results.

Adding structured data helps search engines understand your content and can enable rich results.

Why this matters

Without schema.org markup, your pages can't appear as rich results (stars, FAQs, recipes) in search.

Learn more ▾

Structured data is what unlocks rich snippets — review stars, FAQ accordions, recipe cards, breadcrumbs, etc. — that take up more SERP space and dramatically improve click-through. The schema.org vocabulary is well-documented and JSON-LD is the easiest format.

Source: Google Search Central / schema.org

No structured data found

Structured data (JSON-LD) helps search engines understand your content better. Adding it can improve your search result appearance.

Common types include:

WebSite — your site identity and search box
Organization — your company information
Article — blog posts and news articles
Product — e-commerce product pages
BreadcrumbList — navigation paths

Learn more at schema.org

C

Brand Presence

Action

Site-name consistency, favicon, social image, meta tags, schema, and contact signals

REVIEW

Brand Presence

Partial brand coverage — a few channels are missing brand signals.

C

62/100

Site name appears as

Page title	Modsecurity Project
og:site_name	Modsecurity Project
twitter:site	—
Organization.name	—

Consistent

Brand assets

Favicon

12/15

covers apple-touch-icon + SVG

Social share image

20/20

og:image + twitter:image set

Meta completeness

20/20

Organization schema

0/15

Contact info discoverable

0/10

no contact info discoverable

Findings

Missing brand name in: twitter:site, Organization.name
Add an apple-touch-icon and at least two PNG sizes (32x32 + 192x192)
No Organization schema — Google can't render your logo in the knowledge panel
No discoverable contact info — trust signal is weak, legal risk is higher in regulated regions

How consistently your brand appears across channels — shared link previews, structured data, favicon, contact info.

A+

Links

45 links checked, 45 healthy, 0 broken

PASS

45 links checked, 45 healthy, 0 broken

45 of 45 links are healthy

45 total 45 healthy

200 http://modsecurity.org/fonts/nunito-v25-latin-regular.woff2 <link>

200 http://modsecurity.org/fonts/oswald-v49-latin-700.woff2 <link>

200 http://modsecurity.org/fonts/nunito-v25-latin-700.woff2 <link>

200 http://modsecurity.org/fonts/nunito-v25-latin-800.woff2 <link>

200 https://modsecurity.org/css/styles.bdc3a253969505a9c22873e97... <link>

200 http://modsecurity.org/favicon.ico <link>

200 http://modsecurity.org/favicon.svg <link>

200 http://modsecurity.org/apple-touch-icon.png <link>

200 http://modsecurity.org/favicon-32x32.png <link>

200 https://piwik.netnea.com/matomo/matomo.js <script>

200 https://piwik.netnea.com/matomo/matomo.php?idsite=5&rec=1 <img>

200 http://modsecurity.org/index.xml <link>

200 http://modsecurity.org/ <a>

200 http://modsecurity.org/images/logo/horizontal.png <img>

200 https://modsecurity.org/blog/ <a>

200 https://modsecurity.org/tags/modsecurity-news/ <a>

200 https://modsecurity.org/videos/ <a>

200 https://github.com/owasp-modsecurity/ModSecurity/wiki/Compil... <a>

200 https://github.com/owasp-modsecurity/ModSecurity/wiki/ModSec... <a>

200 https://modsecurity.org/support/ <a>

200 https://modsecurity.org/developers/ <a>

200 https://modsecurity.org/faq/ <a>

200 https://owasp.org/donate?reponame=www-project-modsecurity&ti... <a>

200 http://modsecurity.org/search <a>

200 https://modsecurity.org/images/plugged.png <img>

200 https://www.modsecurity.org/ <a>

200 https://github.com/owasp-modsecurity/ModSecurity/releases/ta... <a>

200 https://github.com/owasp-modsecurity/ModSecurity/releases/ta... <a>

200 https://modsecurity.org/images/owasp/logo.png <img>

200 https://github.com/owasp-modsecurity/ModSecurity/releases <a>

200 https://github.com/owasp-modsecurity/ModSecurity/wiki <a>

200 https://owasp.slack.com/archives/C069PCXSW12 <a>

200 http://modsecurity.org/20260222/how-big-is-too-big-a-deep-di... <a>

200 http://modsecurity.org/20250805/improper-error-handling-cve-... <a>

200 http://modsecurity.org/20250701/dos-vulnerability-cve-2025-5... <a>

200 https://github.com/owasp-modsecurity <a>

200 https://modsecurity.org/img/social-icons/github.svg <img>

200 https://www.linkedin.com/company/owasp <a>

200 https://modsecurity.org/img/social-icons/linkedin.svg <img>

200 https://owasp.slack.com/archives/CBKGH8A5P <a>

200 https://modsecurity.org/img/social-icons/slack.svg <img>

200 https://github.com/owasp-modsecurity/website/blob/main/conte... <a>

200 http://modsecurity.org/js/hoverintent.min.js <script>

200 http://modsecurity.org/js/scripts.min.12be4f9e8cd7fb0a93337b... <script>

200 http://modsecurity.org/img/social-share.png <meta>

A+

Open Graph

Open Graph tags are well configured for social sharing.

PASS

Open Graph tags are well configured for social sharing.

og:description is short (36 characters)

Ideal length is 55–200 characters for social sharing previews.

Got: 36 chars Expected: 55–200 chars

URL: 36 chars

Ideal length is 55–200 characters for social sharing previews.

Expected: 55–200 chars

Why this matters

og:description very short — provides little context in social cards.

Source: Open Graph Protocol

Preview

modsecurity.org

OWASP Modsecurity Project

Open Source Web Application Firewall

Preview quality · Twitter/X A+ · 100/100

twitter:card — summary_large_image
twitter:title — OWASP Modsecurity Project
twitter:description — Open Source Web Application Firewall
twitter:image — http://modsecurity.org/img/social-share.png

MODSECURITY.ORG

OWASP Modsecurity Project

Open Source Web Application Firewall

Preview quality · Facebook A+ · 100/100

og:title — OWASP Modsecurity Project
og:description — Open Source Web Application Firewall
og:image — http://modsecurity.org/img/social-share.png
og:type — website
og:url — http://modsecurity.org/
og:site_name — Modsecurity Project

OWASP Modsecurity Project

modsecurity.org

Preview quality · LinkedIn A+ · 100/100

og:title — OWASP Modsecurity Project
og:description — Open Source Web Application Firewall
og:image — http://modsecurity.org/img/social-share.png

modsecurity.org

OWASP Modsecurity Project

Open Source Web Application Firewall

Preview quality · Slack A+ · 100/100

og:title — OWASP Modsecurity Project
og:description — Open Source Web Application Firewall
og:image — http://modsecurity.org/img/social-share.png

Social preview quality

Averaged across Twitter/X, Facebook, LinkedIn, and Slack.

A+ · 100/100

Field	Twitter/X	Facebook	LinkedIn	Slack
og:title
og:description
og:image
og:type
og:url
og:site_name
twitter:card		—	—	—
twitter:title		—	—	—
twitter:description		—	—	—
twitter:image		—	—	—

All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback