Hi there,
I'm a new customer to AGL and started using your myaccount.agl.com.au.
I decided to run a scan on your security headers to the application and noticed no configuration has been set up for your security headers.
After running both via securityheaders.com:
- myaccount.agl.com.au
- secure.agl.com.au
They both return an F in the summary report, which includes the following:
- Strict-Transport-Security
- Content-Security-Policy
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
As a customer, I'm more concerned about the risk of using your service.
Hi @c_Jerochim
We've reviewed the findings of the report you've shared: The reason you're seeing these results is that 3rd party tools like the one you've used here are actually blocked from accessing details about our pages because of a security tool we use internally.
Our technical teams are aware of the headers you've mentioned and these are implemented as is appropriate to ensure security. We also perform regular penetration testing to assess vulnerabilities like these.
Thanks for taking an interest in our digital security - it's something we take very seriously.
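
An added example, not part of the original thread and not code from AGL or securityheaders.com: an offline check of a raw HTTP response for the six headers listed in the question, which also reports the status code so that a result taken from an error or block response is not read as a result for the page itself. The function name `audit` and both sample responses are constructed for illustration.

```python
import re

# The six headers listed in the question above.
REQUIRED = ["Strict-Transport-Security", "Content-Security-Policy", "X-Frame-Options",
            "X-Content-Type-Options", "Referrer-Policy", "Permissions-Policy"]

# Constructed sample responses (not captured from any real site).
BLOCKED = "HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n<html>blocked</html>"
APP = ("HTTP/1.1 200 OK\r\n"
       "strict-transport-security: max-age=31536000; includeSubDomains\r\n"
       "Content-Security-Policy: default-src 'self'\r\n"
       "X-Frame-Options: DENY\r\n"
       "X-Content-Type-Options: nosniff\r\n"
       "Referrer-Policy: strict-origin-when-cross-origin\r\n\r\n<html>ok</html>")


def audit(raw_response: str) -> dict:
    """Report status code, missing headers and weak values for one raw response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so store them lowercased
            headers[name.strip().lower()] = value.strip()

    missing = [h for h in REQUIRED if h.lower() not in headers]
    weak = []
    hsts = headers.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) == 0:  # max-age=0 switches HSTS off
            weak.append("Strict-Transport-Security")
    xfo = headers.get("x-frame-options")
    if xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        weak.append("X-Frame-Options")
    xcto = headers.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        weak.append("X-Content-Type-Options")

    # A non-200 status means these headers belong to an error, redirect or
    # block response rather than to the page that was requested.
    return {"status": status, "status_ok": status == 200,
            "missing": missing, "weak": weak}


if __name__ == "__main__":
    for label, raw in (("blocked", BLOCKED), ("app", APP)):
        print(label, audit(raw))
```
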