Category: Website Reviews

Site review: Usbank.com

The last review was a financial magazine website. Let’s be honest, security matters far more to a bank than to a magazine site, and rightly so. So this time, we’re taking a look at https://usbank.com. Missing headers for main site response: X-Frame-Options; Missing Referrer-Policy; Missing Content-Security-Policy; HSTS flag present; HSTS header missing preload; HSTS header does not include subdomains; Missing…


Website Review: Forbes.com

In this post, we review the web security posture of forbes.com. Let’s first browse to the website and view the security headers returned on the main site as well as the trackers used.

    HTTP/2.0 200 OK
    cache-control: public, max-age=300
    content-encoding: gzip
    content-type: text/html; charset=utf-8
    server: istio-envoy
    x-envoy-upstream-service-time: 513
    backend: dnsresolver
    x-backend: simple-site-prod
    x-yourttl: 300.000
    accept-ranges:…