Add some tips for another checks

[juffalow]

If you have some other things you check on your pages, please, share it.

[ladislavmoravek]

• remove/change the "server" response header or at least remove the version number
• also remove or change X-Generator or X-Powered-By etc. response headers, I'm sure there are tons of other ways to find out the CMS/framework or whatever is behind the generated code, but why not making it a little bit harder? :)
• Also make sure to replace/remove the default host html. Point an nonexisting vhost/domain to your web server. It should probably return some 4-- error or a blank page, but not the default "It works!" kind of page.
• Check session for jailbreak in case of session being stored on disk or for mysql injection in case of storing session in mysql and so on. Never trust the user :)

[Kubik2000]

the items that would be great to have in the tool

• triggering the test suite not only for one url but also for sitemap.xml
• on index page is at least one H1
• < meta name="Description" > is set
• < title > is set
• what will happens for noscript aka disabled all javascript if there is some text for it
• site/robots.txt exists
• favicon.ico exists
• 404 exists or redirects to homepage
• lighthouse using the Node CLI ?
• if possible list test results as they come in instead of waiting until everything has finished executing

[Kubik2000]

• sitemap.xml exists
• tests against googlebot aka chrome 41
• run W3C Markup Validator Web Service API
• Images have alt text
• check if the site is hosted using HTTP/2

[Kubik2000]

• check if the page is in Mixed content https mode
• no duplicate id elements