Severity: Apocalyptic -- your site spraying any data on HTTPS pages across Internet; difficult to bound exposure . https://bugs.chromium.org/p/project-zero/issues/detail?id=1139 …
-
-
-
@evahlis thought you should see this - 1 more reply
New conversation -
-
-
if you’re terminating SSL at the Cloudfare edge server aren’t you already out of compliance?
-
I would rate it as "A poorly advised choice" but if you treat Cloudflare as a conduit and have HTTPS from them to you maybe OK?
- 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.