Website Security Test of www.pinterest.com

Executive Summary for www.pinterest.com

• Web Software Security Test
  2 third-party web software dependancies were identified. All appear to be outdated, but no known vulnerabilities were detected. One identified third-party web software dependancy has an unknown version. No Content Management System (CMS) was identified. The following CMS components, JS-libraries or frameworks were identified: core-js, react. Show details.
• GDPR Compliance Test
  Potential GDPR compliance issues were identified related to Cookie Protection. Show details.
• PCI DSS Compliance Test
  The website is compliant with PCI DSS Requirement 6.3, while being non-compliant with Requirement 6.4. Show details.
• HTTP Headers Security Test
  Issues were identified with key security header misconfigured Content-Security-Policy. Optional HTTP headers appear to be properly configured: Referrer-Policy, Reporting-Endpoints, Cross-Origin-Opener-Policy-Report-Only. Deprecated HTTP headers detected: X-XSS-Protection. Show details.
• Content Security Policy (CSP) Test
  Content-Security-Policy is enforced but configuration issues were identified: overly permissive directives, directive errors, deprecated directives. A report-only Content-Security-Policy is not present. Show details.
• Cookies Privacy and Security Test
  4 cookies detected; csrftoken, _auth, _routing_id have security or privacy-related configuration issues. Show details.
• External Content Security Test
  156 external requests detected; 2 requests failed. SRI is not used for 89 third-party JavaScript and CSS files. Show details.
• Protection from Data Scraping Test
  8 robots.txt rules and 6 bot protection mechanisms detected. No protection detected via User-Agent blocks or meta restrictions. Show details.
• DNSSEC Configuration Test
  DNS CNAME record detected; DNSSEC signatures are not present. Show details.