This project is an initial pass; there is much more information that can be represented in dashboards to great effect. Below are some further ideas for future work on this project. Feel free to add your ideas here, too.
- For the DAP Dashboard
- Number of pages from a domain reporting into DAP
- Page status (e.g. 200, 404, etc.) of all of the required URLs in the OMB website memo.
- Potentially including subcomponents such as robots.txt
- Number or list of subdomains from a domain reporting into DAP
- More ideas from this report
- Test the deeper config options that the DAP snippet should be employing, such as IP anonymization, Event tracking, Demographics turned off, and ?????. (Possibly using headless browser)
- Does the site require “www”? Does it require not using “www”?
- Load time (server-side)
- More performance issues, derived from https://standards.usa.gov/performance/
- What the domain is CNAME'd to, e.g. wordpress.com, github.io. Consider 'DNS scanning using something like the `dig` CLI command to look for common services that .gov domains are CNAME'd to and then maybe to look at their FedRAMP status.'
- More of the scans in observatory.mozilla.org
- Scan for SPF records
- Mobile friendliness (poss. using Google's Mobile Friendly Test)
- Mixed content detection (linking to insecure resources)
- Use of third party services
- STARTTLS email server encryption
- 508 compliance (poss. with http://pa11y.org/)
- Any other items listed in the OMB letter to OGP passing along .gov domain issuance
- Lighter or fun things - like how many domains start with each letter of the alphabet, what the last 10 that came out were, etc.
- 2FA or Connect.gov? - Not sure how it would work but note Section 3's requirement in this EO
- Anything from/with itdashboard.gov
- Site hosting details
- open source
- Look at what Ben tracked - example
- IPv6
- DNSSEC
- https://monitor.dnsops.gov/
- What else can we get from Verisign?
- Ideas from the GDS effort.
- Several good ideas here.
- plain language/readability