Web site security audit

Perform a basic security audit of your site now with Blue Refraction. Check key HTTP headers for security related settings.

  • X-XSS-Protection – Current browsers have integrated filters in order to detect a possible attack. Add the \”X-XSS-Protection\” HTTP header with \”1; mode=block\” as a value (1 to indicate the activation, and mode=block to indicate that the entire page must be blocked if a problem occurs) will force the execution of these filters.
  • X-content-Type-options – The only defined value, \”nosniff\”, prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. Set X-Content-Type-Options: nosniff in the header
  • X-Frame-Options – This header to provides Click-jacking protection. Values: deny – no rendering within a frame, sameorigin – no rendering if origin mismatch, allow-from: DOMAIN – allow rendering if framed by frame loaded from DOMAIN
  • X-Powered-By – The header announces your server type. Remove X-Powered-By from your page headers to mask the type of web server you are using.

Using the Site Audit REST API

Use the Blue Refraction site audit REST API as part of your DevOps build and deploy process to check your site. Perform an audit of the target page looking at design, links, W3C compliance, security etc and more to produce a rating and report of the issues.

The site audit API takes 2 arguments:

  • site_url – to specify the URL encoded site address
  • fmt – to select the return format. Currently only JSON is supported

Below is an example of using the API with cURL:

curl "http://monitor.bluerefraction.com/checksite.aspx?site_url=http%3A%2F%2Fimagos.co&fmt=json"

Both GET and POST operations are supported. Please note that currently the API will only return results for the first page. Excessive use of the Restful API may result in getting blacklisted so please limit the call rate to the API.

Below is an example of the JSON output:

   "title": "Sites and Services Directory",
   "summary": {
      "Date": "1/03/2016 5:42:47 PM",
      "Response time": "00:00:00.2895265",
      "URL": "http://imagos.co",
      "Rating": "57.1"
   "sections": [
         "subsections": [
               "title": "SEO checks",
               "items": {
                  "Document Type": "Ok",
                  "Page Title": "Ok",
                  "Page Description": "Missing",
                  "Images": "Ok",
                  "Heading Order": "Ok",
                  "Page Content": "Ok"
               "title": "Security checks",
               "items": {
                  "X-XSS-Protection": "Missing X-XSS-Protection",
                  "X-Content-Type-Options": "Missing X-Content-Type-Options",
                  "X-Frame-Options": "Missing X-Frame-Options",
                  "X-Powered-By": "Ok"
               "title": "Validate page Html",
               "message": "No issues found"
         "title": "Check List",
         "rows": [
               "Item": "Missing meta description tag",
               "Comments": "Add a meta description tag to your page"
               "Item": "Missing X-Frame-Options",
               "Comments": "Added this header to ..."
               "Item": "Missing X-content-Type-options",
               "Comments": "The only defined value..."
               "Item": "Missing X-XSS-Protection",
               "Comments": "Recent browsers have integrated ..."

Please let me know if you are using the API on a regular basis and would like to be notified of changes to the API. The interface is still in development and there may be changes in the future. The server may also be unavailable from time to time.

Track Your Site Rank in Google Analytics

Enrich your Google Analytics data with daily Blue Refraction site audit ranking data. The Blue Refraction site rank score is an overall score of the sites quality as generated generated by our site audit engine. The ranking is scored from 0 to 100 depending on the quality of the site.

To link a site in Blue Refraction to your Google Analytics account simply edit the site details in Blue Refraction and select Show/Hide Advanced to display the advanced settings for your site. Enter your Google Anayics ID in the field of the same name and press update . Each time a site audit is run the resulting rank will be added to your Google Analytics site data for the supplied site.

Graphical site map

Blue Refraction generates an interactive graphical site tree map for each site tested. The site map allows you to better visualize the structure of your site and to see how the site navigation appears from a web crawlers perspective.

Interactive site map

As well as providing an automated audit and testing platform Blue Refraction can also generate a number of other graphs and charts from your site and event data. These include:

Logged Solar Panel Data

Blue Refraction can accept data from other applications. Data can be sent in JSON format through the API and tracked over time. Below is an example tracking data logged from a Solar Photo Voltaic array:
Solar Panel Output

Antpool Payout Logging

AntPoolLogger can send data to Blue Refraction through the API so you can keep track of a variety of metrics from Bitcoin mining.


The site map is uses Mike Bostock https://d3js.org/ charts.

Data from many sources can be sent to Blue Refraction. The Blue Refraction HTTP Data API enables you to send send data over HTTP (or HTTPS) directly to Blue Refraction from your application.

The basics of the HTTP Data API are relatively simple:

  1. Create a new site on Blue Refraction, selecting metric as the type.
  2. On the machine that will log to Blue Refraction, create a POST request, and set its authentication header to include the site token.
  3. POST data in JSON format to the Blue Refraction URL.

Simple daily site check

Run a simple test daily to perform a check site to ensure your site is up and running. Blue Refraction automatically site tests daily. If you don’t already have an account, sign up on the Blue Refraction site for a free account then follow this steps:

Add your site

Once you have logged in, select “Add Site” from the home page.


Fill in the add site details. Provide a name for the site that you will remember and enter the URL of the site, or page, you want to check. Enter the URL in the format http://your-site.com/

You can provide a more detailed description, if you wish. The site recipe option can be left blank. This option will allow you to run more advanced test scripts against your site.

Update Settings

Next select the “Settings” option on the top right of the page.


Make sure the option “Check that the site is accessible (default)” is checked. Check “Crawl the entire site” if you want to check every page of your site. There is a limit of 50 pages for the free version of Blue Refraction. You can leave the other options unchecked.

Testing your SEO back links

If you use 3rd party services to create back links to your site you can use Blue Refraction to automatically check each of the links and report any that do not work. Backlinks, also known as incoming links, inbound links, inlinks, and inward links, are incoming links to a website or web page. A backlink is any link received by a web node from another web site. Links from other sites can often become stale and or deleted with changes in the other sites.

Sign-up for a free account and then once you have logged:

  1. Select “Check Links”
  2. Paste your links (one per line) onto the Site URL’s box then
  3. Click the “Check” button

The Blue Refraction will go through and try to get each of the URL’s you have entered. If you have a long list this may take some time. Once all the links have been processed the results will be presented. Any link errors will be displayed.


Terms of Use
Privacy Policy

Recent Blog Posts

Graphical site map
February 14, 2016

Logging Data to Blue Refraction
February 7, 2016

Simple daily site check
February 5, 2016

Testing your SEO back links

Track Your Site Rank in Google Analytics
February 25, 2016

Using the Site Audit REST API
February 27, 2016

Web site security audit
February 29, 2016

Get in Touch

  • Phone:
    1300 721 886
  • Email:
    Contact Us
  • Address:
    PO Box 169
    Cammeray, NSW
    Australia 2062