Security vulnerabilities for myaccount.agl.com.au

c_Jerochim
Switched-on
1 Reply 1859 Views

Hi there,

 

I'm a new customer to AGL and started using your myaccount.agl.com.au.

 

I decided to run a scan on your security headers to the application and noticed no configuration has been setup for your security headers. 

After running both va securityheaders.com

- myaccount.agl.com.au

- secure.agl.com.au

They both return an F in the summary report which includes the following

- Strict-transport-security

- Content-Security-Policy

- X-Frame-Options

- X-Content-Type-Options

- Referrer-Policy

- Permissions-Policy 


As a customer, more concerned about the risk of using your service. 

1 REPLY 1
David_AGL
AGL Community Manager
0 Replies 1829 Views

Hi @c_Jerochim 

 

We've reviewed the findings of the report you've shared: The reason you're seeing these results is that 3rd party tools like the one you've used here are actually blocked from accessing details about our pages because of a security tool we use internally.

 

Our technical teams are aware of the headers you've mentioned and these are implemented as is appropriate to ensure security. We also perform regular penetration testing to assess vulnerabilities like these.

 

Thanks for taking an interest in our digital security - it's something we take very seriously.