2018-02-20 website test - hosting provider cookie security: Difference between revisions
No edit summary |
No edit summary |
||
Line 3: | Line 3: | ||
! Link !! Score !! Grade !! Cookies | ! Link !! Score !! Grade !! Cookies | ||
|- | |- | ||
| https://observatory.mozilla.org/analyze | | https://observatory.mozilla.org/analyze/strato.de || 5/100 || F || No cookies detected | ||
|- | |- | ||
| https://observatory.mozilla.org/analyze | | https://observatory.mozilla.org/analyze/ovh.de || 0/100 || F || -20 Cookies set without using the Secure flag or set over http | ||
|- | |- | ||
| https://observatory.mozilla.org/analyze | | https://observatory.mozilla.org/analyze/1und1.de || 0/100 || F || -20 Cookies set without using the Secure flag or set over http | ||
|- | |- | ||
| https://observatory.mozilla.org/analyze | | https://observatory.mozilla.org/analyze/inwx.de || 5/100 || F || -30 Session cookie set without using the HttpOnly flag | ||
|- | |- | ||
| https://observatory.mozilla.org/analyze | | https://observatory.mozilla.org/analyze/do.de || 25/100 || D- || -30 Session cookie set without using the HttpOnly flag | ||
|- | |- | ||
| https://observatory.mozilla.org/analyze | | https://observatory.mozilla.org/analyze/all-inkl.com || 0/100 || F || -40 Session cookie set without using the Secure flag or set over http | ||
|} | |} | ||
Latest revision as of 2020-02-21T04:10:51
Link | Score | Grade | Cookies |
---|---|---|---|
https://observatory.mozilla.org/analyze/strato.de | 5/100 | F | No cookies detected |
https://observatory.mozilla.org/analyze/ovh.de | 0/100 | F | -20 Cookies set without using the Secure flag or set over http |
https://observatory.mozilla.org/analyze/1und1.de | 0/100 | F | -20 Cookies set without using the Secure flag or set over http |
https://observatory.mozilla.org/analyze/inwx.de | 5/100 | F | -30 Session cookie set without using the HttpOnly flag |
https://observatory.mozilla.org/analyze/do.de | 25/100 | D- | -30 Session cookie set without using the HttpOnly flag |
https://observatory.mozilla.org/analyze/all-inkl.com | 0/100 | F | -40 Session cookie set without using the Secure flag or set over http |
- 2018-02-20 an email has been sent to OVH, 1und1, INWX, DO, ALL-inkl to inform them about the issue
- 2018-02-21 OVH: "Ich werde Ihr Feedback weiterleiten."
- 2018-02-21 DO: "Ich habe dies an unsere Technik weitergegeben. Diese wird das Überprüfen."
2018-07-07
- https://observatory.mozilla.org/analyze.html?host=do.de nun auch "F", aber: All cookies use the Secure flag and all session cookies use the HttpOnly flag
2018-09-20
- netcup.de : F, 15/100, 5/11. HTTP Strict Transport Security (HSTS) header not implemented
2018-10-05
- a1.net : F, 0/100, 6/11. Session cookie set without using the Secure flag or set over HTTP