WebPageTest is an online web tool that is well known for performance testing. Recently, it received an update to also report on the security status of websites. It should not be considered a security penetration testing tool, but it does reveal the status of the HTTP security headers employed by a website and detects vulnerable JavaScript libraries.

WebPageTest is one of the most popular tools in the Web Performance community to provide page speed insights, bottleneck breakdown reports, and further information regarding a website’s performance.

It is an open source project that is maintained by long-time Google software engineer Patrick Meenan. Many leverage the project to run their performance tests in a hosted environment, where they can use their internal resources to run end-to-end or periodic smoke test scans and to keep an eye on the quality of their web assets.

A relatively recent addition to WebPageTest is that it provides users with security insights as to the status of HTTP security headers and detects vulnerable JavaScript libraries that are rendered in scanned web pages.
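To make concrete what checking "the status of HTTP security headers" involves, here is an added example (not WebPageTest's code or scoring logic, and not part of the original article) that audits a constructed response. The four protections examined and the 180-day HSTS threshold are assumptions of this example.

```python
import re

# Constructed sample response (not captured from any real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=3600
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
"""

MIN_HSTS_AGE = 15552000  # 180 days; a threshold assumed for this example


def parse_headers(raw):
    """Map lowercased header names to values, skipping the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit(headers):
    """Return {check: 'ok' | 'weak' | 'missing'} for four common protections."""
    report = {}

    hsts = headers.get("strict-transport-security")
    match = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    if hsts is None:
        report["hsts"] = "missing"
    else:
        age = int(match.group(1)) if match else 0
        report["hsts"] = "ok" if age >= MIN_HSTS_AGE else "weak"

    nosniff = headers.get("x-content-type-options")
    if nosniff is None:
        report["nosniff"] = "missing"
    else:
        report["nosniff"] = "ok" if nosniff.lower() == "nosniff" else "weak"

    csp = headers.get("content-security-policy")
    report["csp"] = "ok" if csp else "missing"

    # Framing is restricted by CSP frame-ancestors or by X-Frame-Options.
    xfo = headers.get("x-frame-options", "").upper()
    framed = "frame-ancestors" in (csp or "").lower() or xfo in ("DENY", "SAMEORIGIN")
    report["anti-framing"] = "ok" if framed else "missing"
    return report
```

A header that is present can still be weak: the sample's one-hour HSTS `max-age` is reported as `weak` rather than `ok`.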

Running a scan

Head over to https://webpagetest.org and enter the URL for a web page of your preference. For our demo purposes, we’ll use the Fox News website https://www.foxnews.com/ as a website to scan and see what security information we can find to further improve the website’s security posture.

You may choose to configure other settings for performance, such as tweaking the location origin for running the test, specifying a browser type or even a mobile device, and many other fine-tuning options.

We won’t need any of the special configurations to get a security score, so go ahead and hit the START TEST button on the right once you’ve entered a URL.

