Hi hb3,
Eddy covered most of the insecurity aspects of that web site's configuration; please also consider the following results:
F- and E-Status:
https://observatory.mozilla.org/analyze.html?host=braunforpresident.us
Server header info proliferation (make your server talk less loud, please): Apache/1.3.27 Unix mod_python/2.7.8 Python/2.2.2 mod_webapp/1.2.0-dev mod_perl/1.28 mod_throttle/3.1.2 PHP/4.3.2 FrontPage/5.0.2.2510 mod_ssl/2.8.14 OpenSSL/0.9.7c
see:
http://toolbar.netcraft.com/site_report?url=http://braunforpresident.us
SRI-hashes issues:
https://sritest.io/#report/51e593ed-0d69-427e-93be-7ae1f3b323c5
IDs-tracking issue: 60% of the trackers on this site could be protecting you from NSA snooping. Tell braunforpresident.us to fix it.
Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.
-cdnjs.cloudflare.com __cfduid *
bde08af499bc3f85de0006d59884708e -braunforpresident.us phpsessid
* increased insecurity because <link rel="stylesheet" id="fontawesome-css" href="-http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.1.0/css/font-awesome.min.css?ver=4.6" type="text/css" media="all"> has Missing SRI hash.
Tracking IDs could be sent safely if this site was secure.
Tracking IDs do not support secure transmission.
Page meta-security headers were not set securely for content-security-policy and for cache-control.
Cookie security options set OK.
polonus (volunteer website security analyst and website error-hunter)
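
The missing-SRI finding in the post above can be checked mechanically. The following Python script is an added example, not part of the original post or of any scanner it links to: it flags third-party stylesheet and script tags that lack an `integrity` attribute or load over plain HTTP, and computes the value that attribute should carry. The names `sri_value`, `SRIAudit`, `audit` and `SAMPLE` are hypothetical, and the sample HTML is constructed around the font-awesome tag quoted in the post.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the first tag is the one quoted in the post (defanging
# dash removed); the other two are made-up controls that must not be flagged.
SAMPLE = (
    '<link rel="stylesheet" id="fontawesome-css" href="http://cdnjs.cloudflare.com'
    '/ajax/libs/font-awesome/4.1.0/css/font-awesome.min.css?ver=4.6" media="all">\n'
    '<script src="/js/site.js"></script>\n'
    '<script src="https://cdn.example/lib.js" integrity="sha384-PLACEHOLDER"></script>\n'
)

def sri_value(content: bytes) -> str:
    """Integrity attribute value (sha384) for the exact bytes of a resource."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode("ascii")

class SRIAudit(HTMLParser):
    """Collect cross-origin <script>/<link rel=stylesheet> tags with SRI problems."""

    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # list of (url, [problem, ...])

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            url = a.get("href")
        else:
            return
        parsed = urlparse(url or "")
        if not parsed.netloc or parsed.hostname == self.page_host:
            return  # relative or same-origin resource: SRI is not the control here
        problems = []
        if not a.get("integrity"):
            problems.append("missing integrity")
        if parsed.scheme == "http":
            problems.append("loaded over plain http")
        if problems:
            self.findings.append((url, problems))

def audit(html: str, page_host: str):
    parser = SRIAudit(page_host)
    parser.feed(html)
    return parser.findings
```

To fix a flagged tag, feed the exact bytes served by the CDN to `sri_value`, set the result as the tag's `integrity` attribute and add `crossorigin="anonymous"`.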