Comment by cmkr
Fair points, all of them.
The nsa.gov thing: :)
The reals: 1. Hosting detection: I'm matching links TO GitHub as hosting ON GitHub. That's wrong. Fix incoming.
2. US-hosted sites getting 100%: My ASN lookup isn't catching everything. I opted against GeoIP services (privacy reasons), but clearly the ASN-only approach has to much gaps.
3. Social links vs embeds: You're right. A link to Twitter isn't a dependency. An embed is. Will differentiate.
4. gov.uk/gov.cn perfect scores: The tool checks infrastructure, not jurisdiction. gov.uk probably serves from EU edge nodes. That said, the name. Also tried to mention this in the Methodology-Modal. But iterating on all legalese and features same time as a single dev did not land well with my sleeping patterns for v0.1. Will fix that too.
"EU sovereignty" is misleading for non-EU countries - point taken. Will think about better framings.
Update on the Cloudflare point: I now detect Vercel and Netlify hosting via response headers (catches custom domains). Cloudflare as CDN/DNS proxy is intentionally not flagged as US hosting — the origin server behind it could be EU. This is documented in the methodology popup.
The other issues you raised (social links vs embeds, US-hosted sites not detected) were fixed in earlier updates.