How can a big website like this have so many issues?

Re: see all big alerts!’ in the sacn results here: https://privacyscore.org/site/112202/

moment.js jQuery library to be retired: https://retire.insecurity.today/#!/scan/d86ed7a0b5e5944e4444258f094c96008ab4fd5684d8a850f79f8a5d7c989469

17 potential problems detected here: https://aw-snap.info/file-viewer/?protocol=secure&tgt=www.washingtonpost.com&ref_sel=GSP2&ua_sel=ff&fs=1

Facebook snooping: -https://ml314.com/utsync.ashx?pub=748&adv=&et=0&eid=&ct=js&pi=5978151423848599290&fp=&clid=&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fcdn.krxd.net%2Fpartnerjs%2Fxdi%2Fproxy.3d2100fd7107262ecb55ce6847f01fa5.html%23!kxcid%3DIbWIJ0xh%26kxt%3Dhttps%253A%252F%252Fwww.washingtonpost.com%26kxcl%3Dcdn%26kxp%3D&pv=1533905619373_1oym77k93&bl=en-us&cb=48166&return=%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dmadisonlogic%26partner_uid%3D[PersonID]&ht=&d=&dc=&si=1533905619373_1oym77k93&cid=&s=1024x768&rp=https%3A%2F%2Fwww.washingtonpost.com%2F%3Fnoredirect%3Don

Rather block this also: -https://mb.moatads.com/yi.js?ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_JRM!6t9B%2CN%3Ey)%2ChXbvU37_NhSfBghz%5DAOz3WFZlNW%3D2W%7BTZm%24pD7X%3Ai%3C%3FdKHapzrIw(%60MVu%2Fs1Sqks!o%7B25jAbj19SUF%60(a~M%3Ai%60K%25_9.rV0%2F%60E%60%60tN%24%26x%5E%2F8%7BiI%3Df%3Cc%2CekO2m%2F%26u~q%60RP%3CG.FTVGX%5E8Y.Nl5*ZRoRd%7BDI%3F5B7LUUOhBUFj8V&qp=00000&qq=000000000000&qr=0&is=BBBBBBB5BBCBBBBBBBBBBCCCBBBBBCCCcB7BBBCBBCBBBCCCCBBBCg4BCFCRCBOZBBBSBBBBBBBBBBBBBBBBBBCBipBBCBBmBBBCBBBBBBBxCCBBqCv1CfCCJiMeiCCCCCCCCVMCBBBBBBBBQBBBeBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCEB5BBC9CBBBCpnICyRBBBBBBBBBBBBBBBC9ThFF3cBBBCBBBBBBB7BBdBz1BCBBPBBpCBJUBBBBBBICCCCCCCCCDDDDCCCBBh2eBBBGI57kNBBBBoBBByseBBBBB&iv=6&gz=0&hh=0&hn=0&qt=1&tw=null&url=https%3A%2F%2Fwww.washingtonpost.com%2F%3Fnoredirect%3Don&confidence=2&pcode=washpostprebidheader710741008563&callback=MoatNadoAllJsonpRequest_83771976

Moatads is an adware server, that one day may start to show ads on your screens, folks. Better be without it.

and then these Fastly links:

  1. -https://c.go-mpulse.net/api/config.json?key=W8234-EWWKH-SQWJU-EAC6K-7AE5Z&d=www.washingtonpost.com&t=5113019&v=1.571.0&if=&sl=0&si=9uooqyf6oyb-NaN&plugins=DuplicateTimersToBeacon,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,Angular,Backbone,Ember,History,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,LOGN&acao=

& this one also from Fastly:
2. -https://cdn.krxd.net/controltag?confid=IbWIJ0xh

Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK

But spamming via DOM-XSS for Results from scanning URL: hxtps://www.cialisfordailyuse.store
Number of sources found: 78
Number of sinks found: 534 (coming in via moatads?).

Sinks and sources galore here: Results from scanning URL: htxps://www.washingtonpost.com/pb/gr/ro/default/rGUfFF1AVUgk0r/load_immediately/1688178829.js?_=5186d
Number of sources found: 191
Number of sinks found: 127

I ask you in all honesty, good people, how many telemetry monitoring do you end-user want to allow?
Big Data wins and rules on all fronts now, and it also is threatening your privacy and security online.
Take back your free Interwebs. :wink:

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)