Author Topic: HTTPS Everywhere site with issues... (Read 1380 times)

polonus · « **on:** March 04, 2016, 12:59:49 AM »

See: https://www.eff.org/https-everywhere/atlas/domains/haarlemmermeer.nl.html
https://www.eff.org/deeplinks/2013/12/nsa-turns-cookies-and-more-surveillance-beacons
Unique IDs about your web browsing habits have been insecurely sent to third parties.

d5fb79cb40414a3091d42dxxxxxxxxxxx445965753
-local.adguard.com

At least 10 third parties know you are on this
webpage.

-haarlemmermeergemeente.nl -haarlemmermeergemeente.nl
-wsstatic.servmetric.com
-hitcounter.servmetric.com
-local.adguard.com
-Google
-Google
-Google
-ssl.siteimprove.com
-Google
-New Relic

SRI Issues: https://sritest.io/#report/88afe8c6-6b8b-40cb-89c8-b2c2ac022393

jQuery library to be retired: -https://haarlemmermeergemeente.nl/
Detected libraries:
jquery - 1.7.2 : (active1) -https://haarlemmermeergemeente.nl/sites/default/files/js/js_jpJjaUC0z8JMIyav5oQrYykDRUb64rpaUDpB4Y9aklU.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery-ui-dialog - 1.10.2 : (active1) -https://haarlemmermeergemeente.nl/
(active) - the library was also found to be active by running code
1 vulnerable library detected

Webserver Header Ifo Proliferation: HTTP Server: nginx 1.4.6
Operating System: Ubuntu 14.04 LTS (Trusty Tahr)
PHP Version: 5.5.9-1ubuntu4.11
Encryption (HTTPS) (1)
Communication is encrypted

polonus (volunteer website security analyst and website error-hunter)