See what the security-related implementations of HTTPS Everywhere meant
for this random case chosen from HTTPS Everywhere Atlas:
https://atlas.eff.org//domains/wareable.com.html
I do not criticize it, but we should take good note of all of this and see
where improvements can be made for website development in general (pol).
Re: https://webcookies.org/cookies/www.wareable.com/2218452?655200
See DOM-XSS sources and sinks:
Results from scanning URL: -http://www.wareable.com (JavaScript = React)
/assets/dist/js/index.8ff84803f2a15966bb29.js:38
Number of sources found: 2
Number of sinks found: 241
Results from scanning URL: -https://www.wareable.com/vassets/packages/tippingcanoe/referrer-tracking/reftrack.min.js
Number of sources found: 3
Number of sinks found: 3
Results from scanning URL: -https://www.wareable.com/vassets/packages/tippingcanoe/referrer-tracking/reftrack.min.js
Number of sources found: 59
Number of sinks found: 19
Results from scanning URL: -https://www.wareable.com/assets/dist/js/index.8ff84803f2a15966bb29.js
Number of sources found: 59
Number of sinks found: 19
21 security-related recommendations after linting:
see: https://webhint.io/scanner/2265b59b-712d-46e4-b8ee-146fd4eb28f1#category-Security
for disown-opener; no-protocol-relative-urls; sri; strict-transport-security; validate-set-cookie-header; x-content-type-options;
no-vulnerable-javascript (retirable jQuery library alert).
JavaScript error alerted:
TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
/assets/dist/js/index.8ff84803f2a15966bb29.js:38
Website on Cloudflare: https://toolbar.netcraft.com/site_report?url=https://www.wareable.com
HTTP Security headers insecure for (header not returned)
cache-control
no-cache
x-content-type-options
x-xss-protection
x-frame-options
content-security-policy
Cookie security options (4 cookies): HttpOnly attribute for upasid & XSRF-Token cookies
Autocomplete settings not secure for noname HTML form
Stack info:
.drweb_select-panel z-index="2147483647"
#slidemenu.slidemenu-box z-index="9999"
#slidemenu-close-btn.slidemenu-close-btn z-index="200"
.overflow-dropdown-menu. z-index="1000"
.overflow-dropdown-menu. z-index="1000"
In link-details:
#site-box
#publisherDetails
#slidemenu
#slidemenu-close-btn
#overlay
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)