SquirrelScan
============================================================
Auditing: https://nikcub.me
Crawled 51 pages
Health Score: 76/100 (C)
Category Breakdown:
--------------------------------------------------
Content ████████░░ 82%
Passed: 342 | Warnings: 33 | Failed: 6
Accessibility █████████░ 92%
Passed: 1473 | Warnings: 68 | Failed: 4
Performance █████████░ 92%
Passed: 667 | Warnings: 115 | Failed: 1
Core SEO ████████░░ 88%
Passed: 482 | Warnings: 58 | Failed: 1
Images █████████░ 94%
Passed: 307 | Warnings: 51 | Failed: 0
Security ████████░░ 88%
Passed: 248 | Warnings: 50 | Failed: 0
Links ███████░░░ 78%
Passed: 374 | Warnings: 22 | Failed: 0
Crawlability █████████░ 96%
Passed: 166 | Warnings: 4 | Failed: 0
E-E-A-T ████████░░ 83%
Passed: 6 | Warnings: 2 | Failed: 0
URL Structure ██████████ 100%
Passed: 318 | Warnings: 1 | Failed: 0
Internationalization ██████████ 100%
Passed: 49 | Warnings: 0 | Failed: 0
Legal Compliance ██████████ 100%
Passed: 2 | Warnings: 0 | Failed: 0
Mobile ██████████ 100%
Passed: 193 | Warnings: 0 | Failed: 0
Structured Data ██████████ 100%
Passed: 48 | Warnings: 0 | Failed: 0
Social Media ██████████ 100%
Passed: 211 | Warnings: 0 | Failed: 0
Total: 4886 passed, 404 warnings, 12 errors
SUMMARY
----------------------------------------
Passed: 4886
Warnings: 404
Failed: 12
ISSUES
----------------------------------------
[CRAWLABILITY]
[warning] crawl/canonical-chain - Canonical Chain
Description: Checks for redirect chains on canonical URLs
Solution: Canonical URLs should point directly to the final destination, not
through redirects. Redirect chains waste crawl budget and dilute link
equity. If your canonical URL redirects, update it to point to the
final URL. Check that canonical URLs use the preferred protocol
(https) and www/non-www version. Self-referencing canonicals should
match the page URL exactly.
[!] page-redirect-chain: Page redirects before content is served (2 pages)
-> /
-> /posts?page=1
-> https://nikcub.me → https://nikcub.me/
-> https://nikcub.me/posts?page=1 (307) → https://nikcub.me/posts (200)
[warning] crawl/sitemap-coverage - Sitemap Coverage
Description: Checks for indexable pages that are not in the sitemap
Solution: Your sitemap should include all pages you want search engines to
index. Pages that are crawlable and indexable (no noindex, not blocked
by robots.txt) should generally be in your sitemap. Missing pages may
not be discovered or indexed efficiently. Use a sitemap generator that
automatically includes all indexable pages, or manually add important
pages.
[!] sitemap-coverage: 1 indexable page(s) not in sitemap (2%)
-> https://nikcub.me/fb-table.html
[info] crawl/pagination - Pagination
Description: Checks that paginated pages have proper canonicals
Solution: Paginated pages should NOT all canonicalize to page 1. Each page
should have a self-referencing canonical. Use rel='next' and
rel='prev' links to indicate pagination sequence (though Google no
longer uses these for indexing, they help users). Consider view-all
pages or infinite scroll as alternatives. Ensure each paginated page
has unique, valuable content.
[!] pagination-canonical: Paginated page canonicalizes to non-paginated URL
-> /posts?page=1
[CORE SEO]
[error] core/meta-title - Meta Title
Description: Validates page title presence and length
Solution: Every page needs a unique, descriptive title tag between 30-60
characters. Titles appear in browser tabs, search results, and social
shares. Write titles that accurately describe the page content while
including your primary keyword near the beginning. If your title is
too short, add more descriptive context. If too long, prioritize the
most important information first and trim secondary details. Avoid
keyword stuffing or duplicate titles across pages.
[!] meta-title: Title too long (24 pages)
-> /
-> /posts/securing-blockchain-users-with-tor-and-ssl
-> /posts/fbi-seizes-fake-tor-hosted-jihad-funding-website-as-part-of-operation-onymous-leaves-up-real-site
-> /posts/60-minutes-australia-on-silk-road-and-bitcoin
-> /posts/onymous-part1
-> /posts/analyzing-fbi-explanation-silk-road
-> /posts/multiple-vulnerabilities-in-disqus-wordpress-plugin
-> /posts/cs-cart-v4-2-0-session-hijacking-and-other-vulnerabilities
-> /posts/multiple-vulnerabilities-in-mygov-australian-government
-> /posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites
-> /posts/yahoo-axis-chrome-extension-leaks-private-certificate-file
-> /posts/facebook-also-doesnt-honor-p3p
-> /posts/how-megaupload-was-investigated-and-indicted
-> /posts/google-firefox-chrome-lady-gaga
-> /posts/crunchpad-proof-obviousness-in-ipad-design
-> /posts/frictionless-browser-plugin
-> /posts/unicode-uf8ff-aka-the-apple-logo-character-on-macs
-> /posts/facebook-re-enables-controversial-tracking-cookie
-> /posts/howto-setup-secure-and-private-facebook-browsing
-> /posts/facebook-fixes-logout-issue-explains-cookies
-> /posts/persistant-and-unblockable-cookies-using-http-headers
-> /posts/blockplus-a-browser-extension-to-block-google-notifications
-> /posts/guide-to-finding-a-good-and-safe-company-or-product-name
-> /posts/fidelio-a-browser-plugin-for-secure-web-browsing
-> Nik Cubrilovic | Engineer writing about AI, data, (69 chars)
-> Securing Blockchain.info Users with Tor and SSL | (64 chars)
-> FBI seizes fake Tor hosted Jihad funding website a (115 chars)
-> 60 Minutes Australia on Silk Road and Bitcoin | Ni (62 chars)
-> Large Number of Tor Hidden Sites Seized by the FBI (113 chars)
-> Analyzing the FBI’s Explanation of How They Locate (78 chars)
-> Multiple Vulnerabilities in Disqus WordPress Plugi (68 chars)
-> CS-Cart v4.2.0 Session Hijacking and Other Vulnera (75 chars)
-> Multiple Vulnerabilities in MyGov, the Australian (123 chars)
-> BlockPlus v4 - Block Google+ widgets and links fro (87 chars)
-> Yahoo Axis Chrome Extension Leaks Private Certific (75 chars)
-> Facebook and many other sites also bypass Internet (93 chars)
-> How Megaupload Was Investigated and Indicted | Nik (61 chars)
-> The Google Firefox search deal, Chrome and Lady Ga (69 chars)
-> The Crunchpad is proof of obviousness in the iPad (73 chars)
-> Introducing Frictionless - Taking the friction out (107 chars)
-> Unicode U+F8FF - aka. The Apple Logo Character, on (72 chars)
-> Facebook Re-Enables Controversial Tracking Cookie (66 chars)
-> How To Setup secure and private Facebook browsing (66 chars)
-> Facebook Fixes Logout Issue, Explains Cookies | Ni (62 chars)
-> Persistent and Unblockable Cookies Using HTTP Head (70 chars)
-> BlockPlus - A browser extension to block Google+ n (79 chars)
-> Guide to Finding a Good and Safe Company or Produc (73 chars)
-> Fidelio - A browser plugin for secure web browsing (67 chars)
[!] meta-title: Title too short (6 pages)
-> /posts
-> /subscribe
-> /posts/numeronym
-> /contact
-> /fb-table.html
-> /posts?page=1
-> Articles | Nik Cubrilovic (25 chars)
-> Subscribe | Nik Cubrilovic (26 chars)
-> Numeronym | Nik Cubrilovic (26 chars)
-> Contact | Nik Cubrilovic (24 chars)
-> Facebook Cookie Analysis (24 chars)
-> Articles | Nik Cubrilovic (25 chars)
[error] core/meta-description - Meta Description
Description: Validates meta description presence and length
Solution: Meta descriptions should be 120-160 characters and provide a
compelling summary of the page. While not a direct ranking factor,
good descriptions improve click-through rates from search results.
Write unique descriptions for each page that accurately preview the
content. Include a call-to-action when appropriate. If missing, search
engines will auto-generate snippets which may not represent your page
optimally.
[!] meta-description: Description too short (14 pages)
-> /posts
-> /asides
-> /subscribe
-> /posts/multiple-vulnerabilities-in-disqus-wordpress-plugin
-> /posts/how-megaupload-was-investigated-and-indicted
-> /posts/persistant-and-unblockable-cookies-using-http-headers
-> /contact
-> /about
-> /privacy
-> /tracking-cookie
-> /posts?page=2
-> /posts?page=3
-> /posts?page=1
-> /posts?page=4
-> Long-form writing on security, privacy, and techno (54 chars)
-> Short observations on security, technology, and cu (62 chars)
-> Get notified when I publish new articles. Subscrib (115 chars)
-> Disclosure and fixes for a number of bugs in the W (106 chars)
-> Security research and technology analysis (41 chars)
-> Using HTTP headers as unblockable super-cookies (47 chars)
-> Get in touch with Nik Cubrilovic for collaboration (70 chars)
-> Australian engineer working on data systems and AI (117 chars)
-> Privacy policy for nikcub.me - how we handle your (79 chars)
-> Demonstration of how tracking cookies work and per (79 chars)
-> Long-form writing on security, privacy, and techno (63 chars)
-> Long-form writing on security, privacy, and techno (63 chars)
-> Long-form writing on security, privacy, and techno (54 chars)
-> Long-form writing on security, privacy, and techno (63 chars)
[!] meta-description: Description too long (7 pages)
-> /posts/craig-wright-is-not-satoshi-nakamoto
-> /posts/fbi-seizes-fake-tor-hosted-jihad-funding-website-as-part-of-operation-onymous-leaves-up-real-site
-> /posts/notes-on-the-celebrity-data-theft
-> /posts/the-download-dot-con
-> /posts/frictionless-browser-plugin
-> /posts/logging-out-of-facebook-is-not-enough
-> /posts/blockplus-a-browser-extension-to-block-google-notifications
-> A detailed investigation into Craig Wright's claim (172 chars)
-> During Operation Onymous the FBI seized a fake clo (168 chars)
-> An in-depth look at the underground networks behin (170 chars)
-> How CNet's Download.com bundles adware and toolbar (170 chars)
-> Launching Frictionless, a Chrome extension that by (163 chars)
-> When it comes to losing track of Facebook online a (182 chars)
-> Releasing BlockPlus, a Chrome extension that remov (163 chars)
[X] meta-description: Missing meta description
-> /fb-table.html
[warning] core/canonical - Canonical URL
Description: Validates canonical URL presence and format
Solution: Canonical URLs tell search engines which version of a page is the
"master" copy, preventing duplicate content issues. Every page should
specify a canonical URL, typically pointing to itself. Add a tag in the head section. Use absolute URLs
and ensure consistency (with or without trailing slash, www vs
non-www). For paginated content, point to the main page or use
rel="prev/next".
[!] canonical: Missing canonical URL
-> /fb-table.html
[warning] core/og-tags - Open Graph Tags
Description: Validates Open Graph meta tags for social sharing
Solution: Open Graph tags control how your content appears when shared on
Facebook, LinkedIn, and other platforms. Required tags: og:title,
og:description, og:image, og:url, and og:type. Add OG tags in your
page head. Use images at least 1200x630 pixels for best display. Keep
og:title under 60 characters and og:description under 200. Test shares
using Facebook's Sharing Debugger tool.
[!] og-title: Missing og:title
-> /fb-table.html
[!] og-description: Missing og:description
-> /fb-table.html
[!] og-image: Missing og:image - social shares will lack imagery
-> /fb-table.html
[warning] core/title-unique - Title Uniqueness
Description: Checks that page titles are unique across the site
Solution: Each page should have a unique title that accurately describes its
content. Duplicate titles confuse search engines and users about which
page to display. Use a pattern like 'Page Topic | Brand Name' to
ensure uniqueness. CMS often generate duplicate titles - audit and
customize them.
[!] title-unique: 1 duplicate title(s) affecting 2 pages
-> "articles | nik cubrilovic..." (2 pages)
from: /posts
from: /posts?page=1
[warning] core/favicon - Favicon
Description: Checks for favicon presence
Solution: Favicons help with brand recognition and UX. Include multiple formats:
for legacy, for modern browsers, and
for iOS.
32x32px for .ico, 180x180px for Apple touch icon.
[!] favicon: No favicon found
-> /fb-table.html
[info] core/twitter-cards - Twitter Cards
Description: Validates Twitter Card meta tags
Solution: Twitter Cards enhance how links appear in tweets. The twitter:card
meta tag specifies the card type (summary, summary_large_image,
player, or app). Add twitter:card, twitter:title, twitter:description,
and twitter:image tags. For large images, use summary_large_image with
images at least 800x418 pixels. Validate using Twitter's Card
Validator tool.
[!] twitter-card: No Twitter card or Open Graph tags for Twitter sharing
-> /fb-table.html
[SECURITY]
[warning] security/csp - Content Security Policy
Description: Checks for Content-Security-Policy header and validates directives
Solution: CSP prevents XSS attacks by restricting which resources can load.
Start with a report-only policy to identify issues. Key directives:
default-src 'self', script-src (avoid 'unsafe-inline'), img-src,
style-src, frame-ancestors. Use nonces or hashes instead of
'unsafe-inline' for scripts. Test thoroughly as strict CSP can break
functionality.
[!] csp-missing: No Content-Security-Policy header
[warning] security/form-captcha - Form CAPTCHA
Description: Checks for CAPTCHA protection on public forms
Solution: Add CAPTCHA protection (reCAPTCHA, Cloudflare Turnstile, hCaptcha,
etc.) to public-facing forms to prevent spam and bot submissions.
Contact forms, comment forms, newsletter signups, and registration
forms are common targets for automated abuse. Modern CAPTCHA solutions
like Turnstile offer invisible protection with minimal user friction.
[!] form-captcha: N public form(s) without CAPTCHA (48 pages)
-> /
-> /posts
-> /asides
-> /subscribe
-> /posts/craig-wright-is-not-satoshi-nakamoto
-> /posts/securing-blockchain-users-with-tor-and-ssl
-> /posts/fbi-seizes-fake-tor-hosted-jihad-funding-website-as-part-of-operation-onymous-leaves-up-real-site
-> /posts/60-minutes-australia-on-silk-road-and-bitcoin
-> /posts/onymous-part1
-> /posts/analyzing-fbi-explanation-silk-road
-> /posts/notes-on-the-celebrity-data-theft
-> /posts/multiple-vulnerabilities-in-disqus-wordpress-plugin
-> /posts/cs-cart-v4-2-0-session-hijacking-and-other-vulnerabilities
-> /posts/multiple-vulnerabilities-in-mygov-australian-government
-> /posts/two-google-chrome-privacy-issues
-> /posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites
-> /posts/yahoo-axis-chrome-extension-leaks-private-certificate-file
-> /posts/facebook-also-doesnt-honor-p3p
-> /posts/facebook-is-losing-e-commerce
-> /posts/how-megaupload-was-investigated-and-indicted
-> /posts/google-firefox-chrome-lady-gaga
-> /posts/crunchpad-proof-obviousness-in-ipad-design
-> /posts/google-android-the-accidental-empire
-> /posts/the-download-dot-con
-> /posts/frictionless-browser-plugin
-> /posts/lies-damn-lies-and-google-statistics
-> /posts/unicode-uf8ff-aka-the-apple-logo-character-on-macs
-> /posts/facebook-re-enables-controversial-tracking-cookie
-> /posts/howto-setup-secure-and-private-facebook-browsing
-> /posts/facebook-fixes-logout-issue-explains-cookies
-> /posts/logging-out-of-facebook-is-not-enough
-> /posts/persistant-and-unblockable-cookies-using-http-headers
-> /posts/blockplus-a-browser-extension-to-block-google-notifications
-> /posts/numeronym
-> /posts/pain-and-gain
-> /posts/guide-to-finding-a-good-and-safe-company-or-product-name
-> /posts/finding-a-technical-co-founder
-> /posts/the-google-ipo-skeptics
-> /posts/relevance-time-for-twitter
-> /posts/fidelio-a-browser-plugin-for-secure-web-browsing
-> /contact
-> /about
-> /privacy
-> /tracking-cookie
-> /posts?page=2
-> /posts?page=3
-> /posts?page=1
-> /posts?page=4
-> form[0]
-> form[1]
[warning] security/http-to-https - HTTP to HTTPS Redirect
Description: Checks whether HTTP URLs redirect to HTTPS
Solution: Ensure all HTTP URLs redirect to their HTTPS equivalents using
permanent (301) redirects. This consolidates link equity and avoids
mixed indexing. Configure your server to enforce HTTPS globally and
verify that both the homepage and key internal URLs redirect
correctly. WARNING: This rule makes external HTTP requests to probe
redirect behavior.
[!] http-to-https: 20 HTTP URL(s) redirect to HTTPS
-> http://nikcub.me/ → https://nikcub.me/ (308)
-> http://nikcub.me/posts → https://nikcub.me/posts (308)
-> http://nikcub.me/asides → https://nikcub.me/asides (308)
-> http://nikcub.me/subscribe → https://nikcub.me/subscribe (308)
-> http://nikcub.me/posts/craig-wright-is-not-satoshi-nakamoto → https://nikcub.me/posts/craig-wright-is-not-satoshi-nakamoto (308)
-> http://nikcub.me/posts/securing-blockchain-users-with-tor-and-ssl → https://nikcub.me/posts/securing-blockchain-users-with-tor-and-ssl (308)
-> http://nikcub.me/posts/fbi-seizes-fake-tor-hosted-jihad-funding-website-as-part-of-operation-onymous-leaves-up-real-site → https://nikcub.me/posts/fbi-seizes-fake-tor-hosted-jihad-funding-website-as-part-of-operation-onymous-leaves-up-real-site (308)
-> http://nikcub.me/posts/60-minutes-australia-on-silk-road-and-bitcoin → https://nikcub.me/posts/60-minutes-australia-on-silk-road-and-bitcoin (308)
-> http://nikcub.me/posts/onymous-part1 → https://nikcub.me/posts/onymous-part1 (308)
-> http://nikcub.me/posts/analyzing-fbi-explanation-silk-road → https://nikcub.me/posts/analyzing-fbi-explanation-silk-road (308)
-> http://nikcub.me/posts/notes-on-the-celebrity-data-theft → https://nikcub.me/posts/notes-on-the-celebrity-data-theft (308)
-> http://nikcub.me/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin → https://nikcub.me/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin (308)
-> http://nikcub.me/posts/cs-cart-v4-2-0-session-hijacking-and-other-vulnerabilities → https://nikcub.me/posts/cs-cart-v4-2-0-session-hijacking-and-other-vulnerabilities (308)
-> http://nikcub.me/posts/multiple-vulnerabilities-in-mygov-australian-government → https://nikcub.me/posts/multiple-vulnerabilities-in-mygov-australian-government (308)
-> http://nikcub.me/posts/two-google-chrome-privacy-issues → https://nikcub.me/posts/two-google-chrome-privacy-issues (308)
-> http://nikcub.me/posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites → https://nikcub.me/posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites (308)
-> http://nikcub.me/posts/yahoo-axis-chrome-extension-leaks-private-certificate-file → https://nikcub.me/posts/yahoo-axis-chrome-extension-leaks-private-certificate-file (308)
-> http://nikcub.me/posts/facebook-also-doesnt-honor-p3p → https://nikcub.me/posts/facebook-also-doesnt-honor-p3p (308)
-> http://nikcub.me/posts/facebook-is-losing-e-commerce → https://nikcub.me/posts/facebook-is-losing-e-commerce (308)
-> http://nikcub.me/posts/how-megaupload-was-investigated-and-indicted → https://nikcub.me/posts/how-megaupload-was-investigated-and-indicted (308)
[LINKS]
[warning] links/broken-external-links - Broken External Links
Description: Detects external links returning 4xx/5xx errors or timeouts
Solution: Broken external links hurt user experience and credibility. Regularly
audit external links using automated tools. Remove or replace broken
links with working alternatives. Consider using archived versions
(archive.org) if the original content is gone. For important
resources, consider hosting your own copies of critical documentation
or linking to more stable sources.
[!] broken-external-links: 107 broken external link(s): 35 with 404, 3 with 520, 47 failed, 2 with 403, 6 with 401, 5 with 500, 3 with 429, 5 with 503, 1 with 999
-> http://www.gq-magazine.co.uk/article/bitcoin-creator-satoshi-nakamoto-craig-wright (404)
-> http://www.lrb.co.uk/2016/05/01/andrew-ohagan/the-search-for-satoshi (404)
-> http://www.twitter.com/lamoustache (520)
-> http://www.twitter.com/harisec (520)
-> http://www.twitter.com/thegrugq (520)
-> http://www.disqus.com/ (Error: Was there a typo in the url or port?)
-> http://disqus.com/ (Error: Was there a typo in the url or port?)
-> http://blog.cs-cart.com/2014/07/21/cs-cart-4-2-1-released-new-styles-e-mail-marketing-and-more/ (404)
-> http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx (403)
-> http://online.wsj.com/article/SB10001424052970204880404577225380456599176.html (401)
-> http://blogs.wsj.com/tech-europe/2011/02/09/full-text-nokia-ceo-stephen-elops-burning-platform-memo/ (401)
-> http://chitika.com/ (Error: certificate has expired)
-> http://insights.chitika.com/2011/failure-to-launch-google-growth-spurt-short-lived/ (Error: certificate has expired)
-> http://twitter.com/arrington (500)
-> http://online.wsj.com/article/SB10001424052748704281504576329441432995616.html (401)
-> http://www.datatilsynet.no/upload/Dokumenter/utredninger%20av%20Datatilsynet/From%20Facebook%20-%20Norway-DPA.pdf (404)
-> http://twitter.com/#!/jonathanmayer (500)
-> http://www.microsoft.com/security/online-privacy/passwords-create.aspx (404)
-> http://twitter.com/byoogle (500)
-> http://twitter.com/#!/sacca/status/88653313096163329 (500)
-> http://bitbucket.org/nik/blockplus (404)
-> http://www.miaminewtimes.com/content/printVersion/240700/ (404)
-> http://www.miaminewtimes.com/content/printVersion/240723/ (404)
-> http://www.miaminewtimes.com/content/printVersion/240747/ (404)
-> http://knowem.com/ (Error: Was there a typo in the url or port?)
-> http://www.usernamecheck.com/ (Error: Was there a typo in the url or port?)
-> http://vebtools.com/google-banned-checker/ (Error: Was there a typo in the url or port?)
-> http://vebtools.com/ (Error: Was there a typo in the url or port?)
-> http://www.siteadvisor.com/ (Error: timeout)
-> http://hosts-file.net/ (Error: timeout)
-> http://www.nxdom.com/ (404)
-> http://www.webmasterworld.com/ (Error: Was there a typo in the url or port?)
-> http://discuss.joelonsoftware.com/?biz (Error: Was there a typo in the url or port?)
-> http://www.rentacoder.com/ (Error: Was there a typo in the url or port?)
-> http://venturebeat.com/2009/10/14/ea-exec-says-social-gaming-bubble-resembles-mobile-games-hype/ (429)
-> http://beta.gawker.com/ (404)
-> https://www.drcraigwright.net/jean-paul-sartre-signing-significance/ (Error: timeout)
from: /posts/craig-wright-is-not-satoshi-nakamoto
from: /posts/craig-wright-is-not-satoshi-nakamoto
-> https://www.gq-magazine.co.uk/article/bitcoin-creator-satoshi-nakamoto-craig-wright (404)
from: /posts/craig-wright-is-not-satoshi-nakamoto
-> https://www.lrb.co.uk/2016/05/01/andrew-ohagan/the-search-for-satoshi (404)
from: /posts/craig-wright-is-not-satoshi-nakamoto
-> http://www.mcgrathnicol.com/app/uploads/D14-140526-Hotwire439AReport-BFK.pdf (404)
from: /posts/craig-wright-is-not-satoshi-nakamoto
-> https://github.com/spesmilo/electrum/blob/master/lib/interface.py#L117 (404)
from: /posts/craig-wright-is-not-satoshi-nakamoto
-> https://github.com/spesmilo/electrum/blob/master/lib/network.py#L367-384 (404)
from: /posts/craig-wright-is-not-satoshi-nakamoto
-> http://archive.is/3UwA7 (429)
from: /posts/craig-wright-is-not-satoshi-nakamoto
-> http://www.thoughtcrime.org/software/sslstrip/ (404)
from: /posts/securing-blockchain-users-with-tor-and-ssl
-> http://www.networking4all.com/en/ssl+certificates/faq/change+san+issue/ (404)
from: /posts/securing-blockchain-users-with-tor-and-ssl
-> https://cabforum.org/wp-content/uploads/Guidance-Deprecated-Internal-Names.pdf (404)
from: /posts/securing-blockchain-users-with-tor-and-ssl
-> https://github.com/chris-barry/darkweb-everywhere/tree/master/src/chrome/content/rules (404)
from: /posts/securing-blockchain-users-with-tor-and-ssl
-> http://orbilu.uni.lu/bitstream/10993/18679/1/Ccsfp614s-biryukovATS.pdf (Error: Unable to connect. Is the computer able to access the url?)
from: /posts/securing-blockchain-users-with-tor-and-ssl
-> https://www.nikcub.com/posts/onymous-part1/ (404)
from: /posts/fbi-seizes-fake-tor-hosted-jihad-funding-website-as-part-of-operation-onymous-leaves-up-real-site
-> http://www.jump-in.com.au/show/60minutes/stories/2014/september/the-dark-web/ (Error: Was there a typo in the url or port?)
from: /posts/60-minutes-australia-on-silk-road-and-bitcoin
[warning] links/https-downgrade - HTTPS Downgrade
Description: Detects links from HTTPS pages to HTTP destinations
Solution: Links from HTTPS to HTTP pages create security warnings and break the
trust chain. Users may see 'not secure' warnings. Update all links to
use HTTPS. If the target site doesn't support HTTPS, consider if you
really need to link there. For internal links, ensure your entire site
uses HTTPS.
[!] https-downgrade: N link(s) downgrade to HTTP (15 pages)
-> /posts/craig-wright-is-not-satoshi-nakamoto
-> /posts/securing-blockchain-users-with-tor-and-ssl
-> /posts/60-minutes-australia-on-silk-road-and-bitcoin
-> /posts/onymous-part1
-> /posts/analyzing-fbi-explanation-silk-road
-> /posts/multiple-vulnerabilities-in-mygov-australian-government
-> /posts/yahoo-axis-chrome-extension-leaks-private-certificate-file
-> /posts/facebook-also-doesnt-honor-p3p
-> /posts/the-download-dot-con
-> /posts/facebook-re-enables-controversial-tracking-cookie
-> /posts/persistant-and-unblockable-cookies-using-http-headers
-> /posts/blockplus-a-browser-extension-to-block-google-notifications
-> /posts/finding-a-technical-co-founder
-> /posts/the-google-ipo-skeptics
-> /about
-> http://gavinandresen.ninja/satoshi
-> http://gavinandresen.ninja/satoshi
-> http://www.mcgrathnicol.com/app/uploads/D14-140526-Hotwire439AReport-BFK.pdf
-> http://prwire.com.au/pr/51565/the-demorgan-ltd-group-of-companies-to-receive-up-to-54-million-from-ausindustry-r-amp-d-tax-rebate-scheme-1
-> http://archive.is/3UwA7
-> http://www.thoughtcrime.org/software/sslstrip/
-> http://www.thoughtcrime.org
-> http://www.networking4all.com/en/ssl+certificates/faq/change+san+issue/
-> http://orbilu.uni.lu/bitstream/10993/18679/1/Ccsfp614s-biryukovATS.pdf
-> http://www.jump-in.com.au/show/60minutes/stories/2014/september/the-dark-web/
-> http://www.jump-in.com.au/show/60minutes/videos/3784171895001/
-> http://www.tor2web.org
-> http://web.archive.org/web/19961205083117/http://tcp.ca/Jan96/BusandMark.html
-> http://quod.lib.umich.edu/j/jep/3336451.0007.104?view=text;rgn=main
-> http://www.deepdotweb.com/
-> http://allyour4nert7pkh.onion/wiki/index.php?title=Onion_Cloner
-> http://ia700603.us.archive.org/21/items/gov.uscourts.nysd.422824/gov.uscourts.nysd.422824.57.0.pdf
-> http://antilop.cc/sr/img/2013_03_16_stack_overflow_question.png
-> http://antilop.cc/sr/
-> http://www.amta.org.au/articles/Delivering.user-friendly.Government.services.online
-> http://www.archive.dbcde.gov.au/2013/september/national_digital_economy_strategy/advancing_australia_as_a_digital_economy/part_three_achieving_o%20ur_goalsbuilding_on_the_2011_national_digital_economystrategy/online_government_service_delivery
-> http://my.gov.au
-> http://sxp.yimg.com/ei/ynano/YAxis_Chrome_v1_0_20120520.crx
-> http://www.shodanhq.com/research/
-> http://www.shodanhq.com/research/infodisc/header/P3P
-> http://www.shodanhq.com/research/infodisc/header/p3p
-> http://insecure.org/news/download-com-fiasco.html
-> http://nikcub.appspot.com/logging-out-of-facebook-is-not-enough
-> http://nikcub.appspot.com/fb-table.html
-> http://nikcub.appspot.com/facebook-fixes-logout-issue-explains-cookies
-> http://www.arctic.org/~dean/tracking-without-cookies.html
-> http://nikcub.appspot.com/static/blockplus-2.crx
-> http://nikcub.appspot.com/guide-to-finding-a-good-and-safe-company-or-product-name
-> http://crastinate.com/2008/07/07/dont-believe-the-twitter-hype/
-> http://0day.today/author/21985
[warning] links/orphan-pages - Orphan Pages
Description: Detects pages with no internal links pointing to them
Solution: Orphan pages have no internal links and are hard for search engines to
discover. They may not get indexed or rank well. Add internal links
from relevant pages. Include in navigation or sidebar. Add to sitemap.
Create contextual links from related content. If intentionally
orphaned (e.g., landing pages), ensure they're accessible via sitemap.
[!] orphan-pages: 25 orphan page(s) with <2 incoming links
-> https://nikcub.me/asides
-> https://nikcub.me/posts/two-google-chrome-privacy-issues
-> https://nikcub.me/posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites
-> https://nikcub.me/posts/yahoo-axis-chrome-extension-leaks-private-certificate-file
-> https://nikcub.me/posts/facebook-also-doesnt-honor-p3p
-> https://nikcub.me/posts/facebook-is-losing-e-commerce
-> https://nikcub.me/posts/how-megaupload-was-investigated-and-indicted
-> https://nikcub.me/posts/google-firefox-chrome-lady-gaga
-> https://nikcub.me/posts/crunchpad-proof-obviousness-in-ipad-design
-> https://nikcub.me/posts/google-android-the-accidental-empire
-> https://nikcub.me/posts/the-download-dot-con
-> https://nikcub.me/posts/frictionless-browser-plugin
-> https://nikcub.me/posts/lies-damn-lies-and-google-statistics
-> https://nikcub.me/posts/unicode-uf8ff-aka-the-apple-logo-character-on-macs
-> https://nikcub.me/posts/facebook-re-enables-controversial-tracking-cookie
-> https://nikcub.me/posts/howto-setup-secure-and-private-facebook-browsing
-> https://nikcub.me/posts/persistant-and-unblockable-cookies-using-http-headers
-> https://nikcub.me/posts/blockplus-a-browser-extension-to-block-google-notifications
-> https://nikcub.me/posts/numeronym
-> https://nikcub.me/posts/pain-and-gain
-> https://nikcub.me/posts/guide-to-finding-a-good-and-safe-company-or-product-name
-> https://nikcub.me/posts/finding-a-technical-co-founder
-> https://nikcub.me/posts/the-google-ipo-skeptics
-> https://nikcub.me/posts/relevance-time-for-twitter
-> https://nikcub.me/posts/fidelio-a-browser-plugin-for-secure-web-browsing
[warning] links/internal-links - Internal Links
Description: Validates internal link count
Solution: Internal links help users navigate your site and distribute page
authority. Each page should have at least one internal link pointing
to it (not counting navigation). Add contextual internal links from
related content. Use descriptive anchor text that indicates what the
linked page is about. Avoid orphan pages (no internal links) and
ensure important pages receive more internal links. Review your site
structure to create logical content clusters.
[!] internal-links: Too few internal links (0, min 1)
-> /fb-table.html
-> Too few internal links (0, min 1)
[warning] links/redirect-chains - Redirect Chains
Description: Detects URLs that redirect and links pointing to redirects
Solution: Redirects add latency and waste crawl budget, especially when chained.
Make sure every internal link hits the final destination directly, not
the intermediate redirect, and consult the chain context emitted by
this rule to trace multi-hop paths. Consolidate redirect rules, prefer
301s for permanent moves, and audit redirects regularly to remove
legacy hops.
[!] redirect-pages: 1 page(s) redirect to another URL
-> https://nikcub.me/posts?page=1 (307) → https://nikcub.me/posts (200)
[!] links-to-redirect: 1 link target(s) point to redirecting URLs
-> https://nikcub.me/posts?page=1 (307) → https://nikcub.me/posts (200)
from: /
from: /posts
from: /asides
from: /subscribe
from: /posts/craig-wright-is-not-satoshi-nakamoto
from: /posts/securing-blockchain-users-with-tor-and-ssl
from: /posts/fbi-seizes-fake-tor-hosted-jihad-funding-website-as-part-of-operation-onymous-leaves-up-real-site
from: /posts/60-minutes-australia-on-silk-road-and-bitcoin
from: /posts/onymous-part1
from: /posts/analyzing-fbi-explanation-silk-road
from: /posts/notes-on-the-celebrity-data-theft
from: /posts/multiple-vulnerabilities-in-disqus-wordpress-plugin
from: /posts/cs-cart-v4-2-0-session-hijacking-and-other-vulnerabilities
from: /posts/multiple-vulnerabilities-in-mygov-australian-government
from: /posts/two-google-chrome-privacy-issues
from: /posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites
from: /posts/yahoo-axis-chrome-extension-leaks-private-certificate-file
from: /posts/facebook-also-doesnt-honor-p3p
from: /posts/facebook-is-losing-e-commerce
from: /posts/how-megaupload-was-investigated-and-indicted
from: /posts/google-firefox-chrome-lady-gaga
from: /posts/crunchpad-proof-obviousness-in-ipad-design
from: /posts/google-android-the-accidental-empire
from: /posts/the-download-dot-con
from: /posts/frictionless-browser-plugin
from: /posts/lies-damn-lies-and-google-statistics
from: /posts/unicode-uf8ff-aka-the-apple-logo-character-on-macs
from: /posts/facebook-re-enables-controversial-tracking-cookie
from: /posts/howto-setup-secure-and-private-facebook-browsing
from: /posts/facebook-fixes-logout-issue-explains-cookies
from: /posts/logging-out-of-facebook-is-not-enough
from: /posts/persistant-and-unblockable-cookies-using-http-headers
from: /posts/blockplus-a-browser-extension-to-block-google-notifications
from: /posts/numeronym
from: /posts/pain-and-gain
from: /posts/guide-to-finding-a-good-and-safe-company-or-product-name
from: /posts/finding-a-technical-co-founder
from: /posts/the-google-ipo-skeptics
from: /posts/relevance-time-for-twitter
from: /posts/fidelio-a-browser-plugin-for-secure-web-browsing
from: /contact
from: /about
from: /privacy
from: /tracking-cookie
from: /posts?page=2
from: /posts?page=3
from: /posts?page=1
from: /posts?page=4
[warning] links/dead-end-pages - Dead-End Pages
Description: Pages with no outgoing internal links, potentially trapping users
Solution: Add navigation links or related content links to help users continue
browsing. Internal links improve user experience and help search
engines discover content.
[!] dead-end: Page has no outgoing internal links (dead-end)
-> /fb-table.html
[warning] links/weak-internal-links - Weak Internal Links
Description: Detects pages with only 1 dofollow internal link pointing to them
Solution: Pages with only a single internal link have weak internal linking
support and may struggle to rank. Search engines use internal links to
understand page importance and distribute link equity. Add contextual
links from related content, include in navigation or sidebar, or link
from category/hub pages to strengthen internal link profiles.
[!] weak-internal-links: 24 page(s) have only 1 internal link
-> https://nikcub.me/posts/two-google-chrome-privacy-issues
-> https://nikcub.me/posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites
-> https://nikcub.me/posts/yahoo-axis-chrome-extension-leaks-private-certificate-file
-> https://nikcub.me/posts/facebook-also-doesnt-honor-p3p
-> https://nikcub.me/posts/facebook-is-losing-e-commerce
-> https://nikcub.me/posts/how-megaupload-was-investigated-and-indicted
-> https://nikcub.me/posts/google-firefox-chrome-lady-gaga
-> https://nikcub.me/posts/crunchpad-proof-obviousness-in-ipad-design
-> https://nikcub.me/posts/google-android-the-accidental-empire
-> https://nikcub.me/posts/the-download-dot-con
-> https://nikcub.me/posts/frictionless-browser-plugin
-> https://nikcub.me/posts/lies-damn-lies-and-google-statistics
-> https://nikcub.me/posts/unicode-uf8ff-aka-the-apple-logo-character-on-macs
-> https://nikcub.me/posts/facebook-re-enables-controversial-tracking-cookie
-> https://nikcub.me/posts/howto-setup-secure-and-private-facebook-browsing
-> https://nikcub.me/posts/persistant-and-unblockable-cookies-using-http-headers
-> https://nikcub.me/posts/blockplus-a-browser-extension-to-block-google-notifications
-> https://nikcub.me/posts/numeronym
-> https://nikcub.me/posts/pain-and-gain
-> https://nikcub.me/posts/guide-to-finding-a-good-and-safe-company-or-product-name
-> https://nikcub.me/posts/finding-a-technical-co-founder
-> https://nikcub.me/posts/the-google-ipo-skeptics
-> https://nikcub.me/posts/relevance-time-for-twitter
-> https://nikcub.me/posts/fidelio-a-browser-plugin-for-secure-web-browsing
[CONTENT]
[error] content/meta-in-body - Meta Tags in Body
Description: Detects meta tags incorrectly placed in document body
Solution: Move all meta tags from to . Meta tags in the body are
ignored by browsers and search engines. Common offenders: meta
description, viewport, robots, and Open Graph tags. This is often
caused by incorrect HTML structure or dynamic rendering issues.
[X] meta-in-body: Found 16 meta tags in (6 pages)
-> /posts
-> /asides
-> /posts?page=2
-> /posts?page=3
-> /posts?page=1
-> /posts?page=4
-> description="Long-form writing on security, privacy, and techno..."
-> og:title="Articles"
-> og:description="Long-form writing on security, privacy, and techno..."
-> og:url="https://nikcub.me/posts"
-> og:site_name="Nik Cubrilovic"
-> og:locale="en_US"
-> og:image="https://nikcub.me/og-default.png"
-> og:image:width="1200"
-> og:image:height="630"
-> og:image:alt="Articles"
-> og:type="website"
-> twitter:card="summary_large_image"
-> twitter:creator="@nikcub"
-> twitter:title="Articles"
-> twitter:description="Long-form writing on security, privacy, and techno..."
-> twitter:image="https://nikcub.me/og-default.png"
[warning] content/duplicate-title - Duplicate Title
Description: Checks for duplicate title tags across the site
Solution: Each page should have a unique title tag that accurately describes its
content. Duplicate titles confuse search engines about which page to
rank and make your pages less distinguishable in search results. Use
unique, descriptive titles that include relevant keywords. For similar
pages (e.g., pagination), add differentiating elements like page
numbers or category names.
[!] duplicate-title: 1 duplicate title(s) found across 2 pages
-> "articles | nik cubrilovic..." (2 pages)
from: /posts
from: /posts?page=1
[warning] content/duplicate-description - Duplicate Description
Description: Checks for duplicate meta descriptions across the site
Solution: Each page should have a unique meta description that summarizes its
specific content. Duplicate descriptions reduce click-through rates
and provide poor user experience in search results. Write unique,
compelling descriptions for each page. For pages without unique
content (like paginated results), consider using no description rather
than a duplicate.
[!] duplicate-description: 1 duplicate description(s) found across 2 pages
-> "long-form writing on security, privacy, ..." (2 pages)
from: /posts
from: /posts?page=1
[warning] content/keyword-stuffing - Keyword Stuffing
Description: Detects excessive keyword repetition in content
Solution: Keyword stuffing is repeating words unnaturally to manipulate
rankings. Search engines penalize this practice. Write naturally for
users first. Use keywords where they fit naturally. Aim for 1-2%
keyword density at most. Use synonyms and related terms instead of
repeating the exact same phrase. Focus on providing value, not gaming
algorithms.
[!] keyword-stuffing: N word(s) may be overused (20 pages)
-> /posts
-> /posts/craig-wright-is-not-satoshi-nakamoto
-> /posts/cs-cart-v4-2-0-session-hijacking-and-other-vulnerabilities
-> /posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites
-> /posts/yahoo-axis-chrome-extension-leaks-private-certificate-file
-> /posts/facebook-is-losing-e-commerce
-> /posts/the-download-dot-con
-> /posts/unicode-uf8ff-aka-the-apple-logo-character-on-macs
-> /posts/facebook-re-enables-controversial-tracking-cookie
-> /posts/logging-out-of-facebook-is-not-enough
-> /posts/blockplus-a-browser-extension-to-block-google-notifications
-> /posts/pain-and-gain
-> /posts/guide-to-finding-a-good-and-safe-company-or-product-name
-> /posts/the-google-ipo-skeptics
-> /tracking-cookie
-> /posts?page=2
-> /fb-table.html
-> /posts?page=3
-> /posts?page=1
-> /posts?page=4
-> "min" (3.1%)
-> "wright" (3.2%)
-> "session" (3.6%)
-> "google" (4.4%)
-> "blockplus" (3.3%)
-> "extension" (3.7%)
-> "facebook" (3.5%)
-> "download" (4.1%)
-> "character" (3.6%)
-> "logo" (3.2%)
-> "cookie" (3.1%)
-> "story" (3.6%)
-> "domain" (3.5%)
-> "cookies" (6.5%)
-> "deleted" (9.2%)
-> "request" (4.6%)
-> "lzfw" (3.9%)
[warning] content/word-count - Word Count
Description: Checks content length for thin content issues
Solution: Pages with thin content (under 300 words) often struggle to rank well
and are actively deindexed by Google since the June 2025 core update.
Add more valuable, relevant content to thin pages—aim for at least 500
words for standard pages and 1000+ for in-depth articles. If a page
can't be fleshed out, voluntarily noindex it or consolidate it into a
more comprehensive resource. Trimming thin pages from your index is
better than leaving low-value content for Google to penalize.
[!] word-count: Thin content: N words (min N) (11 pages)
-> /
-> /asides
-> /subscribe
-> /posts/fbi-seizes-fake-tor-hosted-jihad-funding-website-as-part-of-operation-onymous-leaves-up-real-site
-> /posts/blockplus-a-browser-extension-to-block-google-notifications
-> /posts/numeronym
-> /contact
-> /privacy
-> /tracking-cookie
-> /fb-table.html
-> /posts?page=4
-> Thin content: 252 words (min 300)
-> Thin content: 42 words (min 300)
-> Thin content: 82 words (min 300)
-> Thin content: 269 words (min 300)
-> Thin content: 292 words (min 300)
-> Thin content: 223 words (min 300)
-> Thin content: 82 words (min 300)
-> Thin content: 184 words (min 300)
-> Thin content: 188 words (min 300)
-> Thin content: 189 words (min 300)
-> Thin content: 224 words (min 300)
[IMAGES]
[warning] images/offscreen-lazy - Offscreen Image Lazy Loading
Description: Checks if offscreen images use lazy loading
Solution: Add loading='lazy' to images below the fold to defer loading until
needed. This reduces initial page load time and saves bandwidth.
Exception: Don't lazy-load LCP image or above-the-fold content. Use
loading='eager' for critical images.
[!] offscreen-images-not-lazy: 2 below-fold image(s) without lazy loading
-> /posts/securing-blockchain-users-with-tor-and-ssl
-> BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf-20-page-2069-20of-2099-.webp
-> Screen-20Shot-202014-12-04-20at-202.00.01-20AM.webp
[warning] images/responsive-size - Responsive Image Size
Description: Checks if images are sized appropriately for their display size
Solution: Serve images at appropriate sizes for their display dimensions.
Oversized images waste bandwidth and slow page load. Undersized images
look blurry on high-DPI displays. Use srcset to serve different sizes
for different screens. For responsive images, serve 1x, 2x, and
optionally 3x versions. Image CDNs can automatically resize images
on-the-fly.
[!] images-possibly-oversized: 1 small image(s) may be serving oversized files (48 pages)
-> /
-> /posts
-> /asides
-> /subscribe
-> /posts/craig-wright-is-not-satoshi-nakamoto
-> /posts/securing-blockchain-users-with-tor-and-ssl
-> /posts/fbi-seizes-fake-tor-hosted-jihad-funding-website-as-part-of-operation-onymous-leaves-up-real-site
-> /posts/60-minutes-australia-on-silk-road-and-bitcoin
-> /posts/onymous-part1
-> /posts/analyzing-fbi-explanation-silk-road
-> /posts/notes-on-the-celebrity-data-theft
-> /posts/multiple-vulnerabilities-in-disqus-wordpress-plugin
-> /posts/cs-cart-v4-2-0-session-hijacking-and-other-vulnerabilities
-> /posts/multiple-vulnerabilities-in-mygov-australian-government
-> /posts/two-google-chrome-privacy-issues
-> /posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites
-> /posts/yahoo-axis-chrome-extension-leaks-private-certificate-file
-> /posts/facebook-also-doesnt-honor-p3p
-> /posts/facebook-is-losing-e-commerce
-> /posts/how-megaupload-was-investigated-and-indicted
-> /posts/google-firefox-chrome-lady-gaga
-> /posts/crunchpad-proof-obviousness-in-ipad-design
-> /posts/google-android-the-accidental-empire
-> /posts/the-download-dot-con
-> /posts/frictionless-browser-plugin
-> /posts/lies-damn-lies-and-google-statistics
-> /posts/unicode-uf8ff-aka-the-apple-logo-character-on-macs
-> /posts/facebook-re-enables-controversial-tracking-cookie
-> /posts/howto-setup-secure-and-private-facebook-browsing
-> /posts/facebook-fixes-logout-issue-explains-cookies
-> /posts/logging-out-of-facebook-is-not-enough
-> /posts/persistant-and-unblockable-cookies-using-http-headers
-> /posts/blockplus-a-browser-extension-to-block-google-notifications
-> /posts/numeronym
-> /posts/pain-and-gain
-> /posts/guide-to-finding-a-good-and-safe-company-or-product-name
-> /posts/finding-a-technical-co-founder
-> /posts/the-google-ipo-skeptics
-> /posts/relevance-time-for-twitter
-> /posts/fidelio-a-browser-plugin-for-secure-web-browsing
-> /contact
-> /about
-> /privacy
-> /tracking-cookie
-> /posts?page=2
-> /posts?page=3
-> /posts?page=1
-> /posts?page=4
-> image (56x56, no srcset)
[warning] images/dimensions - Image Dimensions
Description: Checks for width/height attributes (prevents CLS)
Solution: Specifying width and height attributes prevents Cumulative Layout
Shift (CLS) by reserving space before images load. Add width and
height attributes to img tags matching the image's intrinsic
dimensions. Use CSS for responsive sizing if needed. For responsive
images, the aspect ratio from width/height prevents layout shifts even
when CSS overrides the actual size.
[!] image-dimensions: N image(s) missing width/height (causes CLS) (2 pages)
-> /posts/multiple-vulnerabilities-in-mygov-australian-government
-> /posts/frictionless-browser-plugin
-> https://nikcub.me/images/posts/gqvpbGx.webp
-> https://nikcub.me/images/posts/myGov-20-20Home.webp
-> https://nikcub.me/images/posts/promo.webp
[PERFORMANCE]
[warning] perf/lcp-hints - LCP Optimization Hints
Description: Checks for Largest Contentful Paint optimization opportunities
Solution: LCP measures when the largest content element becomes visible.
Optimize by: 1) Preload your LCP image with . 2) Don't use loading='lazy' on above-fold images as it
delays loading. 3) Minimize render-blocking CSS/JS in . 4) Use
modern image formats (WebP/AVIF) for faster loading. 5) Consider using
fetchpriority='high' on the LCP image.
[!] lcp-preload: N potential LCP image(s) without preload (48 pages)
-> /
-> /posts
-> /asides
-> /subscribe
-> /posts/craig-wright-is-not-satoshi-nakamoto
-> /posts/securing-blockchain-users-with-tor-and-ssl
-> /posts/fbi-seizes-fake-tor-hosted-jihad-funding-website-as-part-of-operation-onymous-leaves-up-real-site
-> /posts/60-minutes-australia-on-silk-road-and-bitcoin
-> /posts/onymous-part1
-> /posts/analyzing-fbi-explanation-silk-road
-> /posts/notes-on-the-celebrity-data-theft
-> /posts/multiple-vulnerabilities-in-disqus-wordpress-plugin
-> /posts/cs-cart-v4-2-0-session-hijacking-and-other-vulnerabilities
-> /posts/multiple-vulnerabilities-in-mygov-australian-government
-> /posts/two-google-chrome-privacy-issues
-> /posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites
-> /posts/yahoo-axis-chrome-extension-leaks-private-certificate-file
-> /posts/facebook-also-doesnt-honor-p3p
-> /posts/facebook-is-losing-e-commerce
-> /posts/how-megaupload-was-investigated-and-indicted
-> /posts/google-firefox-chrome-lady-gaga
-> /posts/crunchpad-proof-obviousness-in-ipad-design
-> /posts/google-android-the-accidental-empire
-> /posts/the-download-dot-con
-> /posts/frictionless-browser-plugin
-> /posts/lies-damn-lies-and-google-statistics
-> /posts/unicode-uf8ff-aka-the-apple-logo-character-on-macs
-> /posts/facebook-re-enables-controversial-tracking-cookie
-> /posts/howto-setup-secure-and-private-facebook-browsing
-> /posts/facebook-fixes-logout-issue-explains-cookies
-> /posts/logging-out-of-facebook-is-not-enough
-> /posts/persistant-and-unblockable-cookies-using-http-headers
-> /posts/blockplus-a-browser-extension-to-block-google-notifications
-> /posts/numeronym
-> /posts/pain-and-gain
-> /posts/guide-to-finding-a-good-and-safe-company-or-product-name
-> /posts/finding-a-technical-co-founder
-> /posts/the-google-ipo-skeptics
-> /posts/relevance-time-for-twitter
-> /posts/fidelio-a-browser-plugin-for-secure-web-browsing
-> /contact
-> /about
-> /privacy
-> /tracking-cookie
-> /posts?page=2
-> /posts?page=3
-> /posts?page=1
-> /posts?page=4
-> /_next/image?url=%2Favatar.webp&w=128&q=75
-> /_next/image?url=%2Fimages%2Fposts%2Fcraig_wright.webp&w=1920&q=75
-> /images/posts/20111225-pmyb3unhb18e2drdnyr1wuna5k.jpg-20class
-> /_next/image?url=%2Fimages%2Fposts%2Fnik.profile.webp&w=1920&q=75
[warning] perf/ttfb - Time to First Byte
Description: Measures server response time (TTFB)
Solution: Time to First Byte (TTFB) measures how quickly your server responds.
Slow TTFB indicates server/backend issues. Thresholds (Core Web
Vitals): - Good: < 600ms - Needs improvement: 600-1000ms - Poor: >
1000ms Fixes for slow TTFB: - Enable server caching (Redis, Varnish,
CDN) - Optimize database queries - Use CDN for static assets - Upgrade
server resources - Reduce server-side processing - Enable HTTP/2 or
HTTP/3 - Use edge computing (Cloudflare Workers, Vercel Edge)
[!] ttfb: Slow server response (Nms) (5 pages)
-> /posts
-> /posts/securing-blockchain-users-with-tor-and-ssl
-> /posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites
-> /contact
-> /privacy
-> Slow server response (870ms)
-> Slow server response (649ms)
-> Slow server response (758ms)
-> Slow server response (692ms)
-> Slow server response (610ms)
[X] ttfb: Very slow server response (1149ms)
-> /asides
-> Very slow server response (1149ms)
[warning] perf/cls-hints - CLS Optimization Hints
Description: Checks for Cumulative Layout Shift prevention
Solution: CLS measures visual stability - how much content shifts during load.
Prevent layout shifts by: 1) Always set width and height attributes on
images and iframes. 2) Reserve space for ads and embeds with CSS
min-height. 3) Use CSS aspect-ratio for responsive media. 4) Avoid
inserting content above existing content. 5) Use transform animations
instead of properties that trigger layout.
[!] cls-images: N image(s) without width/height (CLS risk) (2 pages)
-> /posts/multiple-vulnerabilities-in-mygov-australian-government
-> /posts/frictionless-browser-plugin
-> /images/posts/gqvpbGx.webp
-> /images/posts/myGov-20-20Home.webp
-> /images/posts/promo.webp
[warning] perf/dom-size - DOM Size
Description: Detects excessive DOM complexity that impacts performance
Solution: Large DOMs slow page rendering, increase memory usage, and harm mobile
performance. Google recommends keeping total nodes under 1500. Fixes
for large DOMs: - Use virtualization for long lists (e.g.,
react-window) - Lazy-load off-screen content - Reduce unnecessary
wrapper elements - Use CSS instead of DOM for visual effects -
Paginate large content sections
[!] dom-max-children: Element with N children found (3 pages)
-> /posts/craig-wright-is-not-satoshi-nakamoto
-> /posts/securing-blockchain-users-with-tor-and-ssl
-> /posts/onymous-part1
-> Element with 118 children found
-> Element with 61 children found
-> Element with 276 children found
[!] dom-total-nodes: Large DOM (2114 nodes)
-> /posts/onymous-part1
-> Large DOM (2114 nodes)
[warning] perf/critical-request-chains - Critical Request Chains
Description: Identifies chains of dependent resources that delay rendering
Solution: Critical request chains are sequences of dependent network requests
that must complete before the page can render. Reduce chain depth by:
1) Inlining critical CSS instead of linking external files. 2) Adding
async or defer to non-critical scripts. 3) Avoiding CSS @import — use
tags instead. 4) Using for critical
resources. 5) Reducing the number of render-blocking resources in
.
[!] critical-request-chains: 2 critical request chain(s) found (48 pages)
-> /
-> /posts
-> /asides
-> /subscribe
-> /posts/craig-wright-is-not-satoshi-nakamoto
-> /posts/securing-blockchain-users-with-tor-and-ssl
-> /posts/fbi-seizes-fake-tor-hosted-jihad-funding-website-as-part-of-operation-onymous-leaves-up-real-site
-> /posts/60-minutes-australia-on-silk-road-and-bitcoin
-> /posts/onymous-part1
-> /posts/analyzing-fbi-explanation-silk-road
-> /posts/notes-on-the-celebrity-data-theft
-> /posts/multiple-vulnerabilities-in-disqus-wordpress-plugin
-> /posts/cs-cart-v4-2-0-session-hijacking-and-other-vulnerabilities
-> /posts/multiple-vulnerabilities-in-mygov-australian-government
-> /posts/two-google-chrome-privacy-issues
-> /posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites
-> /posts/yahoo-axis-chrome-extension-leaks-private-certificate-file
-> /posts/facebook-also-doesnt-honor-p3p
-> /posts/facebook-is-losing-e-commerce
-> /posts/how-megaupload-was-investigated-and-indicted
-> /posts/google-firefox-chrome-lady-gaga
-> /posts/crunchpad-proof-obviousness-in-ipad-design
-> /posts/google-android-the-accidental-empire
-> /posts/the-download-dot-con
-> /posts/frictionless-browser-plugin
-> /posts/lies-damn-lies-and-google-statistics
-> /posts/unicode-uf8ff-aka-the-apple-logo-character-on-macs
-> /posts/facebook-re-enables-controversial-tracking-cookie
-> /posts/howto-setup-secure-and-private-facebook-browsing
-> /posts/facebook-fixes-logout-issue-explains-cookies
-> /posts/logging-out-of-facebook-is-not-enough
-> /posts/persistant-and-unblockable-cookies-using-http-headers
-> /posts/blockplus-a-browser-extension-to-block-google-notifications
-> /posts/numeronym
-> /posts/pain-and-gain
-> /posts/guide-to-finding-a-good-and-safe-company-or-product-name
-> /posts/finding-a-technical-co-founder
-> /posts/the-google-ipo-skeptics
-> /posts/relevance-time-for-twitter
-> /posts/fidelio-a-browser-plugin-for-secure-web-browsing
-> /contact
-> /about
-> /privacy
-> /tracking-cookie
-> /posts?page=2
-> /posts?page=3
-> /posts?page=1
-> /posts?page=4
-> CSS: /_next/static/chunks/d17a1e4009825030.css?dpl=dpl_8eGkMdrK1WrR3N4Jm7vmwdX7NzzL
-> JS: /_next/static/chunks/a6dad97d9634a72d.js?dpl=dpl_8eGkMdrK1WrR3N4Jm7vmwdX7NzzL
[warning] perf/lazy-above-fold - Lazy Loading Above Fold
Description: Detects lazy loading on likely above-fold images
Solution: Don't use loading='lazy' on images that appear above the fold (visible
without scrolling). Lazy loading these images delays LCP because the
browser waits for layout before fetching. For hero images and LCP
candidates: 1) Remove loading='lazy'. 2) Add fetchpriority='high'. 3)
Consider preloading with . Only use
lazy loading for below-fold images.
[!] lazy-above-fold: N above-fold image(s) with lazy loading (8 pages)
-> /posts/craig-wright-is-not-satoshi-nakamoto
-> /posts/60-minutes-australia-on-silk-road-and-bitcoin
-> /posts/analyzing-fbi-explanation-silk-road
-> /posts/notes-on-the-celebrity-data-theft
-> /posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites
-> /posts/yahoo-axis-chrome-extension-leaks-private-certificate-file
-> /posts/the-download-dot-con
-> /posts/facebook-re-enables-controversial-tracking-cookie
-> /_next/image?url=%2Fimages%2Fposts%2FChcGSpBUUAArMOs.webp&w=1920&q=75
-> /_next/image?url=%2Fimages%2Fposts%2F60min-silkroad_export.webp&w=1920&q=75
-> /_next/image?url=%2Fimages%2Fposts%2F60_screenshot_export.webp&w=1920&q=75
-> /_next/image?url=%2Fimages%2Fposts%2Fsr_reddit_screnshot.webp&w=1920&q=75
-> /_next/image?url=%2Fimages%2Fposts%2FScreen_Shot_2014-09-03_at_6.22.13_AM.webp&w=1920&q=75
-> /_next/image?url=%2Fimages%2Fposts%2F5909374213_cbae62eb55_m.webp&w=1920&q=75
-> /_next/image?url=%2Fimages%2Fposts%2F5909661385_79445883de_b.webp&w=1920&q=75
-> /_next/image?url=%2Fimages%2Fposts%2Fyahoo-private-key.webp&w=1920&q=75
-> /_next/image?url=%2Fimages%2Fposts%2Fyahoo-extension-disable.webp&w=1920&q=75
-> /_next/image?url=%2Fimages%2Fposts%2Fdownload-dotcon.webp&w=1920&q=75
-> /_next/image?url=%2Fimages%2Fposts%2Ffacebook-reenable01.webp&w=1920&q=75
-> /_next/image?url=%2Fimages%2Fposts%2Ffacebook-reenable02.webp&w=1920&q=75
[ACCESSIBILITY]
[error] a11y/duplicate-id-aria - Duplicate ID ARIA
Description: Checks that IDs used in ARIA attributes are unique
Solution: IDs referenced by ARIA attributes (aria-labelledby, aria-describedby,
aria-controls, etc.) must be unique on the page. Duplicate IDs cause
assistive technology to potentially reference the wrong element.
Rename duplicate IDs to be unique.
[X] duplicate-id-aria: 1 problematic ID(s) in ARIA attributes (2 pages)
-> /posts/securing-blockchain-users-with-tor-and-ssl
-> /posts/relevance-time-for-twitter
-> "footnote-label" (not found)
[error] a11y/label-content-name-mismatch - Label Content Name Mismatch
Description: Checks that visible label text is part of accessible name
Solution: For controls with visible labels, the accessible name should contain
the visible text. Voice control users say what they see - if the
accessible name doesn't include the visible label, voice commands
won't work. Example: A button showing 'Search' should not have
aria-label='Find products'.
[X] label-content-name-mismatch: 1 element(s) where visible text doesn't match accessible name (2 pages)
-> /posts/securing-blockchain-users-with-tor-and-ssl
-> /posts/relevance-time-for-twitter
-> a: visible="↩" vs aria-label="back to reference 1"
[warning] a11y/color-contrast - Color Contrast
Description: Checks for color contrast issues in styles and classes
Solution: Text must have sufficient contrast with its background for
readability. WCAG AA requires 4.5:1 for normal text and 3:1 for large
text (18px+ or 14px+ bold). Use tools like WebAIM Contrast Checker to
verify. Common issues: light gray text, text over images without
overlay. Don't rely on color alone to convey information - add icons
or text labels.
[!] color-contrast: N potential color contrast issue(s) (49 pages)
-> /
-> /posts
-> /asides
-> /subscribe
-> /posts/craig-wright-is-not-satoshi-nakamoto
-> /posts/securing-blockchain-users-with-tor-and-ssl
-> /posts/fbi-seizes-fake-tor-hosted-jihad-funding-website-as-part-of-operation-onymous-leaves-up-real-site
-> /posts/60-minutes-australia-on-silk-road-and-bitcoin
-> /posts/onymous-part1
-> /posts/analyzing-fbi-explanation-silk-road
-> /posts/notes-on-the-celebrity-data-theft
-> /posts/multiple-vulnerabilities-in-disqus-wordpress-plugin
-> /posts/cs-cart-v4-2-0-session-hijacking-and-other-vulnerabilities
-> /posts/multiple-vulnerabilities-in-mygov-australian-government
-> /posts/two-google-chrome-privacy-issues
-> /posts/blockplus-v4-released-block-google-widgets-and-links-from-other-google-sites
-> /posts/yahoo-axis-chrome-extension-leaks-private-certificate-file
-> /posts/facebook-also-doesnt-honor-p3p
-> /posts/facebook-is-losing-e-commerce
-> /posts/how-megaupload-was-investigated-and-indicted
-> /posts/google-firefox-chrome-lady-gaga
-> /posts/crunchpad-proof-obviousness-in-ipad-design
-> /posts/google-android-the-accidental-empire
-> /posts/the-download-dot-con
-> /posts/frictionless-browser-plugin
-> /posts/lies-damn-lies-and-google-statistics
-> /posts/unicode-uf8ff-aka-the-apple-logo-character-on-macs
-> /posts/facebook-re-enables-controversial-tracking-cookie
-> /posts/howto-setup-secure-and-private-facebook-browsing
-> /posts/facebook-fixes-logout-issue-explains-cookies
-> /posts/logging-out-of-facebook-is-not-enough
-> /posts/persistant-and-unblockable-cookies-using-http-headers
-> /posts/blockplus-a-browser-extension-to-block-google-notifications
-> /posts/numeronym
-> /posts/pain-and-gain
-> /posts/guide-to-finding-a-good-and-safe-company-or-product-name
-> /posts/finding-a-technical-co-founder
-> /posts/the-google-ipo-skeptics
-> /posts/relevance-time-for-twitter
-> /posts/fidelio-a-browser-plugin-for-secure-web-browsing
-> /contact
-> /about
-> /privacy
-> /tracking-cookie
-> /posts?page=2
-> /fb-table.html
-> /posts?page=3
-> /posts?page=1
-> /posts?page=4
-> p with class "mt-1 text-sm text-muted-foregr..." may have low contrast
-> a with class "text-muted-foreground transiti..." may have low contrast
-> a with class "mt-4 inline-flex items-center ..." may have low contrast
-> h2 with class "text-xs font-medium uppercase ..." may have low contrast
-> p with class "text-[15px] leading-relaxed te..." may have low contrast
-> div with class "flex items-center gap-3 text-x..." may have low contrast
-> a with class "mt-8 inline-flex items-center ..." may have low contrast
-> p with class "mt-2 text-sm text-muted-foregr..." may have low contrast
-> input with class "h-10 rounded-sm border border-..." may have low contrast
-> div with class "flex flex-col gap-4 text-sm te..." may have low contrast
-> a with class "inline-flex items-center gap-2..." may have low contrast
-> p with class "mt-2 text-muted-foreground..." may have low contrast
-> div with class "text-sm text-muted-foreground..." may have low contrast
-> a with class "inline-flex items-center gap-1..." may have low contrast
-> p with class "mt-4 text-lg text-muted-foregr..." may have low contrast
-> p with class "text-sm text-muted-foreground..." may have low contrast
-> input with class "h-11 flex-1 rounded-sm border ..." may have low contrast
-> p with class "mt-3 text-xs text-muted-foregr..." may have low contrast
-> p with class "mb-4 text-sm text-muted-foregr..." may have low contrast
-> a with class "text-xs text-muted-foreground ..." may have low contrast
-> div with class "mb-6 flex flex-wrap items-cent..." may have low contrast
-> p with class "mb-8 text-lg text-muted-foregr..." may have low contrast
-> figcaption with class "mt-2 text-center text-sm text-..." may have low contrast
-> a with class "mt-12 inline-flex items-center..." may have low contrast
-> a with class "flex items-center gap-3 text-s..." may have low contrast
-> p with class "mt-2 text-center text-sm text-..." may have low contrast
-> White text (verify background): 2 instance(s)
-> Very light text color: 1 instance(s)
[warning] a11y/landmark-one-main - One Main Landmark
Description: Checks that the page has exactly one main landmark
Solution: Each page should have exactly one element or element with
role='main'. This helps screen reader users quickly navigate to the
primary content. Multiple main landmarks confuse navigation. Use