Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
DoH how safe is it on a CloudFlare website?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: DoH how safe is it on a CloudFlare website? (Read 847 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33926
malware fighter
DoH how safe is it on a CloudFlare website?
«
on:
October 25, 2019, 04:25:47 PM »
Checked a random:
https://urlscan.io/result/2469a9a7-049e-4128-b2d9-6d3a47467c0b/
Advise through linting:
https://webhint.io/scanner/ba1b1456-729b-4dec-96d2-a6a7f7eeb25a
(115 recommendations).
See scan on the server it is on:
https://toolbar.netcraft.com/site_report?url=server368.snel.com
See:
https://webcookies.org/cookies/www.snel.com/4194442
See:
https://www.shodan.io/host/68.70.205.3
49 linting recommendations:
https://webhint.io/scanner/b81c389d-a250-4e8b-b4d5-3c9d452f8abd
Main header security flaws to mention here are:- no header set for acess-control-allow-origin; cache-control;
x-xss-protection; content-security-policy. No page meta security headers being set.
-cfuid no secure attribute set, no host only attrribute set.
Will the CloudFlare DoH & Google DoH brings us better security or is this another partial solution,
that will further benefit the interests of CloudFlare's and Google's?
polonus (volunteer 3rd part cold recon website security analyst and website error-hunter)
«
Last Edit: October 25, 2019, 04:30:48 PM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33926
malware fighter
Re: DoH how safe is it on a CloudFlare website?
«
Reply #1 on:
October 25, 2019, 06:54:11 PM »
Secure but a gigantic amount of improvement recommendations to follow.
Where, see:
https://urlscan.io/result/00baa7d6-917a-4e96-9a06-9fcbe2b60926/
Also:
https://webcookies.org/cookies/www.voordeelvanger.nl/28572590?548825
Re:
https://webhint.io/scanner/7070f20d-15db-43cc-8ede-d57e4cb6c59f
Re:
https://sitecheck.sucuri.net/results/www.voordeelvanger.nl
Re:
https://www.shodan.io/host/159.69.141.105
Also 2 vulnerable jQuery libraries:
https://retire.insecurity.today/#!/scan/c1a128785acdee19a41c9f267eb9b4b2d7d9fe6aee0c4f245aeef4bd0be0a1a1
Site opens up to:
https://cdnjs.cloudflare.com/ajax/libs/socket.io/2.1.1/socket.io.js
uMatrix blocks this for me: -https://bat.bing.com/bat.js
pol
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
DoH how safe is it on a CloudFlare website?