Test website security with Snyk’s newest WebPageTest integration

Written by:

May 14, 2020

0 mins read

We are excited to announce the security integration with WebPageTest!

These newly introduced data points for all tested pages enrich existing website performance tests with further visibility into security details, such as HTTP security headers and vulnerable JavaScript libraries found on a website.

We at Snyk know that web developers have many cross-cutting concerns they need to handle — for example, performance, accessibility, and security — and we set out to help address one of those concerns with the help of a super popular tool — WebPageTest.

If you ever worked on improving your website’s speed, chances are you’ve used WebPageTest. It’s a great tool with detailed metrics on website performance tests. However, it lacked access to security insights. But don’t worry—with the Snyk integration, this issue is solved.

How do I start testing for website security?

Head over to https://webpagetest.org and type in a website address to scan.

In the screenshot below we used the Snyk websites to get performance and security insights.

When you’re done click START TEST to begin the scan:


Once testing is complete, WebPageTest presents the following page with the test results.

You’ll now notice the addition of a new top-level score: Security score.

The https://snyk.io website got a score of A:


But what does this score represent??

Click on the A score to open the detailed security insights page:


The results provide:

  1. the security grade with a link that explains how we calculate an overall score,

  2. details about any JavaScript libraries that were found to be vulnerable in the tested website,

  3. a list of HTTP security headers that the website responds with, and a list of those that are missing.

We are fully transparent about how we calculate the overall score and grade for a website. If you are curious to learn more about calculating the website security score, we have a blog post about website security score explained, head over to our blog post: website security score explained.

Website security

In conclusion, we invite you to run a website security check at https://webpagetest.org and on snyk.io/website-scanner to ensure your website is up to par with security requirements concerning HTTP security headers and proper use of 3rd-party JavaScript libraries.

If you don’t have a Snyk account yet, it is free to sign up for both open source projects and private repositories. With Snyk, you’ll find those 3rd-party library vulnerabilities long before you deploy to production, and once you deploy Snyk will monitor them closely and alert you, if new vulnerabilities have been discovered.

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo