Been thinking about writing a simple online security check specifically for Mastodon instances, to make it easier for end users to actually get a rough idea of the security of their instance.
Stuff I've been thinking about checking so far:
– Check if ports 3000/4000/Postgres are publicly reachable
– Check if Mastodon is up-to-date
– HTTP headers
– nginx/webserver version
Any other ideas for things to check?
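
The checks listed above, as an added Python example (not code from the post's author). The header list, function names and sample values are assumptions of this example; 5432 is PostgreSQL's default port, and the running version is read from the `version` field of Mastodon's `GET /api/v1/instance`.

```python
import re
import socket

# Assumed header set for this example; the post only says "HTTP headers".
EXPECTED_HEADERS = ("strict-transport-security", "content-security-policy",
                    "x-content-type-options", "x-frame-options")
# 3000 and 4000 are from the post; 5432 is PostgreSQL's default port.
BACKEND_PORTS = (3000, 4000, 5432)


def port_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds from where this runs."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def parse_version(text):
    """Leading 'major.minor.patch' as a tuple; suffixes such as '+glitch' are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def audit(headers, instance_version, latest_version, open_ports=()):
    """Return a sorted list of findings for one instance.

    headers: response headers of the instance's front page
    instance_version: 'version' field of GET /api/v1/instance
    latest_version: newest release, supplied by the caller
    open_ports: backend ports found reachable (e.g. via port_reachable)
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = [f"missing header: {name}" for name in EXPECTED_HEADERS if name not in h]
    if re.search(r"/\d", h.get("server", "")):
        findings.append(f"server header discloses version: {h['server']}")
    if parse_version(instance_version) < parse_version(latest_version):
        findings.append(f"outdated: {instance_version} < {latest_version}")
    findings += [f"backend port reachable: {p}" for p in open_ports if p in BACKEND_PORTS]
    return sorted(findings)


# Constructed sample input, not taken from a real instance.
SAMPLE_HEADERS = {"Server": "nginx/1.18.0", "Strict-Transport-Security": "max-age=63072000",
                  "X-Content-Type-Options": "nosniff"}
SAMPLE_FINDINGS = audit(SAMPLE_HEADERS, "4.1.2+glitch", "4.2.1", open_ports=(4000,))
```

`port_reachable` only reports what is visible from the machine running it, so it has to be run from outside the instance's own network to say anything about public exposure.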