Considering it. Backend is Go on a single-node K8s-"Cluster". Frontend is vanilla JS on the same Hetzner-Box. Code-situation in the midst of this ongoing "HN-Feuertaufe" is a bit … well.

What would make it useful for you - self-hosting capability, or contributing to detection logic?

I am considering a api but need stability first.

Fixed. I was matching a link TO GitHub as hosting ON GitHub. Now only embeds and actual hosting count, not href links.

Sorry and thanks for pointing me there.

Hey wink ()

true. some socialmedia was too aggressive - should be resolved.

for yt: i tried to fix the lazy-loaded YouTube detection. Tool now catches: - iframes with data-src - web components: <lite-youtube>, <lite-youtube-embed>, <youtube-video>, <lite-vimeo>, <lite-vimeo-embed>, <vimeo-video>

One thing I stumbled over: if YT-URL only lives inside a JS variable and gets injected on click with no trace in the HTML. That's a static analysis limitation.

And: React facades that load a YouTube thumbnail → already detected. React facades that use a local/self-hosted placeholder image with only a video ID in a data attribute → not detected.

You mind sharing a URL so I can verify it works against your site?

Thanks for helping already!

Hey, unfortunately I don't have an url for you but a paste:

https://topaz.github.io/paste/#XQAAAQB5AgAAAAAAAAAQaIsMhpPLj...

Right. Missed Azure. Fix is live now. Would be great if you could recheck and confirm. Thanks for helping me out by reporting.

Hi,

i have fixed the Vercel detection. Also added Netlify header detection (via x-nf-request-id).

DNS-proxieng is not taken into account. Maybe will do that in the future.

Thanks for reporting!

I know some sites serve incomplete cert chains (missing the intermediate). Browsers fix this automatically, Go doesn't. have your tested a site with broken cert chain? got a url to share? Would help me pin down the issue.

Thanks!

1. Link to X profile ≠ dependency on X. Will differentiate links from embeds in v0.2.

2. Registrar check is a good thinking. Already have some stubs in the codebase. Namecheap is US and could theoretically be compelled. Adding to roadmap.

Thanks!

Thanks for the Bugs Bunny. I'm detecting a LINK to GitHub Pages and marking it as hosting. That's wrong - hosting should only flag when the actual page is served from there.

Re fonts: "self-hosted" means fonts served from your domain (vs Google Fonts CDN). If you're using system fonts, that's a detection error on my end.

Both going in on the fix list. Thanks.

Was a bug. Now some kind of Snowden-Approved-Feature.

Fair points, all of them.

The nsa.gov thing: :)

The reals: 1. Hosting detection: I'm matching links TO GitHub as hosting ON GitHub. That's wrong. Fix incoming.

2. US-hosted sites getting 100%: My ASN lookup isn't catching everything. I opted against GeoIP services (privacy reasons), but clearly the ASN-only approach has to much gaps.

3. Social links vs embeds: You're right. A link to Twitter isn't a dependency. An embed is. Will differentiate.

4. gov.uk/gov.cn perfect scores: The tool checks infrastructure, not jurisdiction. gov.uk probably serves from EU edge nodes. That said, the name. Also tried to mention this in the Methodology-Modal. But iterating on all legalese and features same time as a single dev did not land well with my sleeping patterns for v0.1. Will fix that too.

"EU sovereignty" is misleading for non-EU countries - point taken. Will think about better framings.

Update on the Cloudflare point: I now detect Vercel and Netlify hosting via response headers (catches custom domains). Cloudflare as CDN/DNS proxy is intentionally not flagged as US hosting — the origin server behind it could be EU. This is documented in the methodology popup.

The other issues you raised (social links vs embeds, US-hosted sites not detected) were fixed in earlier updates.