security123

Level 1
Hello! This is my first post here and I want to start with a suggestion for the whole forum:

It is sadly missing a Content Security Policy (CSP) header, which can be tested here:
and here:

Also, as you can see on those test sites, other headers/improvements are left too. Like:
Referrer Policy, Subresource Integrity (SRI), HTTP Public Key Pinning

It would be awesome if this can be fixed, as this forum is about Security so it's only valid that the site/forum has good security too.
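A minimal offline audit for three of the items listed in the post above (CSP, Referrer-Policy, SRI), added here as an example and not written by any participant in the thread. The sample headers and HTML, the `cdn.example` host and all function names are constructed for illustration; HPKP is not checked because current browsers no longer honor that header.

```python
import re
from html.parser import HTMLParser

# Constructed sample response, not captured from any real site.
SAMPLE_HEADERS = {"Content-Security-Policy":
                  "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example"}
SAMPLE_HTML = '<script src="https://cdn.example/app.js"></script><link rel="stylesheet" href="/local.css">'

class SriScan(HTMLParser):
    """Collect scripts/stylesheets loaded from an absolute URL (treated as
    third-party here, a simplification) that carry no integrity attribute."""
    def __init__(self):
        super().__init__()
        self.missing = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        url = a.get("src") if tag == "script" else a.get("href") if tag == "link" else None
        if url and re.match(r"(https?:)?//", url) and not a.get("integrity"):
            self.missing.append(url)

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; the first duplicate wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def audit(headers, html):
    """Return a list of findings for one response (header dict plus HTML body).
    'unsafe-inline' is not reported when a nonce or hash source is present,
    because browsers ignore it in that case."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if "content-security-policy" not in h:
        findings.append("no Content-Security-Policy header")
    else:
        policy = parse_csp(h["content-security-policy"])
        src = policy.get("script-src", policy.get("default-src"))
        if src is None:
            findings.append("CSP does not restrict scripts")
        elif "'unsafe-inline'" in src and not any(s.startswith(("'nonce-", "'sha")) for s in src):
            findings.append("CSP allows inline scripts ('unsafe-inline')")
    if "referrer-policy" not in h:
        findings.append("no Referrer-Policy header")
    scanner = SriScan()
    scanner.feed(html)
    return findings + ["no SRI on " + u for u in scanner.missing]

if __name__ == "__main__": print("\n".join(audit(SAMPLE_HEADERS, SAMPLE_HTML)))
```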
 

Umbra

Level 21
Verified
Malwaretips is using XenForo, so I'm not sure whether it is up to the forum admin to implement those or to the XenForo developers.
 

Sampei Nihira

Level 3
Verified
If any member of MT wants to perform a test to check the effectiveness of their XSS protections, they can do it:

http://www.example.com/>"><script>alert("XSS")</script>&


My test:

[Screenshot: 200.JPG]

P.S.
I inserted the link with:
"plain" "/plain"

I was unable to find another system to have it completely inactive.
 