Website review thehackerblog.com
The Hacker Blog – The Hacker Blog
Generated on March 19 2026 12:17 PM
Old data? UPDATE !
The score is 68/100
SEO Content
Title
The Hacker Blog – The Hacker Blog
Length : 33
Perfect, your title contains between 10 and 70 characters.
Description
A Hacker's Blog of Unintended Use and Insomnia.
Length : 47
Ideally, your meta description should contain between 70 and 160 characters (spaces included). Use this free tool to calculate text length.
Keywords
hacker blog, hacking, router backdoor, exploit, penetration testing, network security, infosec, information security, netsec
Good, your page contains meta keywords.
Og Meta Properties
Good, your page take advantage of Og Properties.
| Property | Content |
|---|---|
| locale | en_US |
| type | article |
| title | The Hacker Blog |
| description | A Hacker's Blog of Unintended Use and Insomnia. |
| url | / |
| site_name | The Hacker Blog |
| image | /images/images/logo.png |
Headings
| H1 | H2 | H3 | H4 | H5 | H6 |
| 16 | 25 | 12 | 0 | 0 | 0 |
- [H1] The Hacker Blog
- [H1] "Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains
- [H1] Video Downloader and Video Downloader Plus Chrome Extension Hijack Exploit - UXSS via CSP Bypass (~15.5 Million Affected)
- [H1] Kicking the Rims – A Guide for Securely Writing and Auditing Chrome Extensions
- [H1] Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper
- [H1] Summary
- [H1] Proof-of-Concept
- [H1] Technical Details
- [H1] Root Cause & Further Thoughts
- [H1] Timeline
- [H1] Reading Your Emails With A Read&Write Chrome Extension Same Origin Policy Bypass (~8 Million Users Affected)
- [H1] Summary
- [H1] Technical Description
- [H1] Proof-of-Concept Video
- [H1] Root Cause & Remediation Thoughts
- [H1] Timeline
- [H2]
- [H2]
- [H2] The Vulnerability
- [H2] The Path to Victory
- [H2] Content Security Policy
- [H2] Disclosure & Remediation
- [H2] That’s All Folks
- [H2] A Thin Layer of Chrome Extension Security Prior-Art
- [H2] Isolated But Talkative Worlds
- [H2] A Quick Disclaimer
- [H2] Home is Where the manifest.json Is – The Basic Extension Layout
- [H2] The Extension Architecture, Namespace Isolation and the DOM
- [H2] The Same Origin Policy (SOP) in the Chrome Extension World
- [H2] Crossing the Barriers with Injection and Message Passing
- [H2] Web Accessible Resources & Navigation Blocking
- [H2] Background Pages and Content Security Policy
- [H2] Stealing from the Stainless, Security Anti-Patterns in the Extension World
- [H2] Content Scripts Obey No Man…or CSP
- [H2] The Web Page DOM Cannot Be Trusted
- [H2] JavaScript DOM Events Must Be Verified
- [H2] Messages Sent From Web Pages Cannot Be Trusted
- [H2] The King Shouldn’t Live Outside the Castle Walls
- [H2] Generally Sane Parsing of URLs
- [H2] Clickjacking & Careful Use of web_accessible_resources
- [H2] Automating the Auditing Process With tarnish
- [H3] FlashHTTPRequest
- [H3] JudasDNS
- [H3] XSS Hunter
- [H3] tarnish
- [H3] Home
- [H3]
- [H3] Home
- [H3] tarnish
- [H3] XSS Hunter
- [H3] JudasDNS
- [H3] FlashHTTPRequest
- [H3] Click here to try out the tarnish Chrome extension analyzer.
Images
We found 10 images on this web page.
2 alt attributes are empty or missing. Add alternative text so that search engines can better understand the content of your images.
Text/HTML Ratio
Ratio : 49%
Ideal! This page's ratio of text to HTML code is between 25 and 70 percent.
Flash
Perfect, no Flash content has been detected on this page.
Iframe
Great, there are no Iframes detected on this page.
SEO Links
URL Rewrite
Good. Your links looks friendly!
Underscores in the URLs
Perfect! No underscores detected in your URLs.
In-page links
We found a total of 78 links including 5 link(s) to files
| Anchor | Type | Juice |
|---|---|---|
| The Hacker Blog | Internal | Passing Juice |
| February 11, 2022 | Internal | Passing Juice |
| Matthew Bryant (mandatory) | Internal | Passing Juice |
| The TL;DR Summary & High-Level Points | Internal | Passing Juice |
| npm registry | External | Passing Juice |
| February 22, 2019 | Internal | Passing Juice |
| tarnish | Internal | Passing Juice |
| Video Downloader for Chrome version 5.0.0.12 | External | Passing Juice |
| Video Downloader Plus | External | Passing Juice |
| Content Script | External | Passing Juice |
| CSP Evaluator Tool | External | Passing Juice |
| @we1x | External | Passing Juice |
| This challenge | External | Passing Juice |
| reach out to me on Twitter | External | Passing Juice |
| source code here | External | Passing Juice |
| “Kicking the Rims – A Guide for Securely Writing and Auditing Chrome Extensions” | Internal | Passing Juice |
| other platforms such as Electron, which have had extension research on the topic | External | Passing Juice |
| an academic paper written to describe Chrome’s extension security model | External | Passing Juice |
| 2013 blog post on an example of XSS in an intentionally-vulnerable extension | External | Passing Juice |
| such as this Chrome extension fingerprinting guide | External | Passing Juice |
| this write up on it | External | Passing Juice |
| Background Page | External | Passing Juice |
| declared APIs of the extension | External | Passing Juice |
| a vulnerability that resulted in arbitrary JavaScript execution in the Background Page context | Internal | Passing Juice |
| tarnish | Internal | Passing Juice |
| Electron | External | Passing Juice |
| NW.js | External | Passing Juice |
| Stealing from the Stainless, Security Anti-Patterns in the Extension World | Internal | Passing Juice |
| understanding the | External | Passing Juice |
| base32-encoded SHA256 hash of the Chrome extension private key | External | Passing Juice |
| Same Origin Policy | External | Passing Juice |
| Browser Action pages | External | Passing Juice |
| iframe | External | Passing Juice |
| window.opener | External | Passing Juice |
| by enabling Developer Mode in Chrome | External | Passing Juice |
| scoped for | External | Passing Juice |
| limited Chrome extension APIs | External | Passing Juice |
| chrome.runtime.sendMessage() | External | Passing Juice |
| window.addEventListener() | External | Passing Juice |
| postMessage() | External | Passing Juice |
| web_accessible_resources | External | Passing Juice |
| clickjacking | External | Passing Juice |
| Content Security Policy | External | Passing Juice |
| certain minimal requirements | External | Passing Juice |
| hold for <script>s with nonces | External | Passing Juice |
| https://example.com | External | Passing Juice |
| innerHTML | External | Passing Juice |
| the Grammarly Chrome extension made this mistake when they put sensitive authentication tokens in the DOM of all web | External | Passing Juice |
| page | External | Passing Juice |
| isTrusted | External | Passing Juice |
| checking the | External | Passing Juice |
| man in the middle attacks | External | Passing Juice |
| externally_connectable | External | Passing Juice |
| pointed to an old IP address | External | Passing Juice |
| unallocated | Internal | Passing Juice |
| cloud | External | Passing Juice |
| resources | External | Passing Juice |
| a CNAME to an expired domain name | External | Passing Juice |
| ZenMate VPN Chrome extension | External | Passing Juice |
| this post which goes further into details | Internal | Passing Juice |
| chrome.tabs.get() | External | Passing Juice |
| Tab | External | Passing Juice |
| URL() | External | Passing Juice |
| Retire.js | External | Passing Juice |
| June 07, 2018 | Internal | Passing Juice |
| “Steam Inventory Helper” | External | Passing Juice |
| “append()” | External | Passing Juice |
| ‘unsafe-eval’ | External | Passing Juice |
| “globalEval()” | External | Passing Juice |
| “eval()” | External | Passing Juice |
| June 04, 2018 | Internal | Passing Juice |
| Read&Write Chrome extension | External | Passing Juice |
| texthelp | External | Passing Juice |
| 2 | Internal | Passing Juice |
| 3 | Internal | Passing Juice |
| 13 | Internal | Passing Juice |
| Jekyll | External | noFollow |
| Neo-HPSTR Theme | External | noFollow |
SEO Keywords
Keywords Cloud
following script page extensions web function content from chrome extension
Keywords Consistency
| Keyword | Content | Title | Keywords | Description | Headings |
|---|---|---|---|---|---|
| extension | 139 |  |
|
|
 |
| chrome | 105 | |
|
|
|
| page | 84 | |
|
|
|
| from | 69 | |
|
|
|
| extensions | 60 | |
|
|
|
Usability
Url
Domain : thehackerblog.com
Length : 17
Favicon
Great, your website has a favicon.
Printability
We could not find a Print-Friendly CSS.
Language
Good. Your declared language is en.
Dublin Core
This page does not take advantage of Dublin Core.
Document
Doctype
HTML 5
Encoding
Perfect. Your declared charset is UTF-8.
W3C Validity
Errors : 0
Warnings : 0
Email Privacy
Great no email address has been found in plain text!
Deprecated HTML
Great! We haven't found deprecated HTML tags in your HTML.
Speed Tips
|
Excellent, your website doesn't use nested tables. |
|
Too bad, your website is using inline styles. |
|
Great, your website has few CSS files. |
|
Perfect, your website has few JavaScript files. |
|
Perfect, your website takes advantage of gzip. |
Mobile
Mobile Optimization
|
Apple Icon |
|
Meta Viewport Tag |
|
Flash content |
Optimization
XML Sitemap
Great, your website has an XML sitemap.
| /sitemap.xml |
Robots.txt
https://thehackerblog.com/robots.txt
Great, your website has a robots.txt file.
Analytics
Great, your website has an analytics tool.
Google Analytics |
PageSpeed Insights
Device
Categories
Free SEO Testing Tool
Free SEO Testing Tool is a free SEO tool which provides you content analysis of the website.