See sri hash issues: https://sritest.io/#report/44e79d49-5bea-4426-81d8-300c4ea76f6c F-status.
See: https://aw-snap.info/file-viewer/?protocol=secure&tgt=www.mcpsva.org&ref_sel=GSP2&ua_sel=ff&fs=1
DOM XSS sources and sinks: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.mcpsva.org
Retirable jQuery code three libraries to be retired: http://retire.insecurity.today/#!/scan/27af78cd564f01ae42da5f798ac007ba268d474f7ffe8e7ade3d5f7a67c3ac6d
F-status and recommended change: https://observatory.mozilla.org/analyze.html?host=www.mcpsva.org
Custom errors;Fail and three warnings: https://asafaweb.com/Scan?Url=https%3A%2F%2Fwww.mcpsva.org
On Amazon Cloud & PaaS. https://urlscan.io/result/d1b7811f-7b01-4ba7-b0cc-49e822f8d113#summary
cookies report: https://webcookies.org/cookies/www.mcpsva.org/3525290 Base64-encoded cookies.
__utma
Google Analytics tracking cookie » More…
Type: HTTP Cookie
Domain: www.mcpsva.org
This cookie expires in 730 days
httpOnly This cookie does not set httpOnly and can be read by JavaScript. This might be a problem if this cookie contains an authentication-related session token » More…
Size: 46 bytes
Sample value:
1.228786891.1492726873.1492726873.1492726873.1 See the asafaweb scan for that warning!
Various same origin persistent cookies.
polonus (volunteer website security analyst and website error-hunter)