Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Australian Internet banking and CDNs

Australian Internet banking and CDNs

Note: I do not care if their home page is on a CDN what matters is that the banking credentials and financial information is end to end encrypted from the financial institution and to your browser. There are no grantees that this is the case even with TLS. TLS might be terminated earlier e.g by a load-balancer or a CDN. I only checked the login pages since I don't have an account in all of the banks, that would be crazy. I tried to use Whois data and HTML headers to determine CDNs. This method is not foolproof so please take it with a grain of salt

Hostname CDN / Cloud Firewall Uses 3rd party assets without Subresource Integrity SSL Labs score comments
internetbanking.suncorpbank.com.au Incapsula Yes A IP is owned by Incapsula
banking3.anz.com B IP address owned by ANZ but has relation to "SingTel Optus Pty Ltd". Uses lots of type="hidden" fields on login form,
banking.westpac.com.au Yes B The IP block is registered to westpac with relations to stgeorge.com.au (merger)
ib.nab.com.au Akamai Yes blacklisted IP is owned by Akamai
ibanking.stgeorge.com.au No B The IP block is registered to the financial institution. No 3rd-pary resources
www.ib.boq.com.au Nextgen Networks No B IP is owned by Nextgen Networks. Two image (gif) requests, one to 127.0.0.1 and one to 138.217.54.116
digital.bankaust.com.au Yes B IP owned by Data Action Pty Ltd Requests to google-analytics.com and userservices.vip.symantec.com
www.my.commbank.com.au Akamai Yes A+ IP is owned by Akamai
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.