The last review was a financial magazine website. Let’s be honest, security matters far more to a bank than to a magazine site; and rightly so. So this time, we’re taking a look at https://usbank.com. Missing headers for main site response: X-Frame-Options; Missing Referrer-Policy; Missing Content-Security-Policy; HSTS flag present; HSTS header missing preload; HSTS header does not include subdomains; Missing…
Website Review: Forbes.com
In this post, we review the web security posture of forbes.com. Let’s first browse to the website and view the security headers returned on the main site as well as the trackers used. HTTP/2.0 200 OK cache-control: public, max-age=300 content-encoding: gzip content-type: text/html; charset=utf-8 server: istio-envoy x-envoy-upstream-service-time: 513 backend: dnsresolver x-backend: simple-site-prod x-yourttl: 300.000 accept-ranges:…
Init
Hello. My name is Todd and I’d like to welcome you to Todd Cullum Research. In this blog, I will be posting my software-related research and development. If you would like to learn more about who I am, feel free to visit the About section. I hope you enjoy your time here and find the…