See the insecurity there: https://sritest.io/#report/8a1dbe66-e008-4109-8cfe-cc093c555bb8
detected retirable library: http://retire.insecurity.today/#!/scan/a5ce924d1cd9e6db9fe9dd737533c1d5dc80051a55265a1250c3806307e7530e
Other insecurity: https://observatory.mozilla.org/analyze.html?host=www.animafac.net F-status.
Certificate Transparency:
Not embedded in certificate OCSP Lets Encrypt Authority X3 certificate.
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Enabled
Next Protocol Negotiation:
Not Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Verisign abuse: http://toolbar.netcraft.com/site_report?url=+https%3A%2F%2Fwww.animafac.net
And exploitability here? http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.animafac.net
Privilege escalation via Yoast SEO plugin v4.7.1 exploitability.
Remember compromittal is always via some low hanging fruit (pol).
polonus (volunteer website security analyst and website error-hunter)