
How I Score Your Website's Security (And Why I Rebuilt It From Scratch)
AmIHackable

I tested my scanner against Mozilla Observatory on 229 sites, found I was wrong on 40% of them, and rebuilt my entire approach. Here's everything I learned.

The problem: security scores that lie

I built AmIHackable to give developers a clear picture of their website's security. Paste your URL, get a score, fix what matters. Simple.

Except it wasn't simple. Users started telling me things like:

"My site is a React SPA on Netlify. Your scanner says I have WordPress, PHP, and an exposed .env file. None of that is true."

"You gave me 3/10 but Mozilla Observatory gives me B+. Your score is misleading for a site with TLS 1.3, solid auth, and zero XSS surface."

"The scanner flagged dangerouslySetInnerHTML as an XSS risk — but that string doesn't exist anywhere in my code. It's in React's own bundle."

These weren't edge cases. When I dug into the data, I found systematic problems. I compared my scores against Mozilla Observatory on 229 real sites. The results were uncomfortable:
Continue reading on Dev.to Webdev




