About this site...

This site is managed and maintained by Stuart Maxwell, but the checks are based on the amazing work by Sasha Romijn for the Pony Checkup site that she ran for over 8 years.

The core checking library has now been published as a standalone package on PyPI, and the source code can be viewed on GitHub. Contributions are welcome.

Contact

For feedback, suggestions, praise, or complaints, you can get in touch with Stuart by email . If you find this site useful, perhaps you'd like to shout me a coffee?

Buy Me A Coffee

What checks?

There are currently 17 different checks that are run over your Django site. These include:

  • Have you disabled DEBUG mode?
  • Is your site using HTTPS?
  • Can we find your admin site, and is it only accessible through HTTPS?
  • Can we find a user login page, and is it only accessible through HTTPS?
  • Do you use a CSRF cookie and is it secured correctly?
  • Do you use a SessionID cookie and is it secured correctly?
  • Have you enabled HSTS?
  • Have you configured the X-Frame header?