Australian Internet banking and CDNs

Note: I do not care if their home page is on a CDN; what matters is that the banking credentials and financial information are end-to-end encrypted from the financial institution to your browser. There are no guarantees that this is the case even with TLS. TLS might be terminated earlier, e.g. by a load balancer or a CDN. I only checked the login pages since I don't have an account in all of the banks; that would be crazy. I tried to use Whois data and HTML headers to determine CDNs. This method is not foolproof, so please take it with a grain of salt.

| Hostname | CDN / Cloud Firewall | Uses 3rd party assets without Subresource Integrity | SSL Labs score | Comments |
|---|---|---|---|---|
| | Incapsula | Yes | A | IP is owned by Incapsula |
| | | | B | IP address owned by ANZ but has relation to "SingTel Optus Pty Ltd". Uses lots of `type="hidden"` fields on login form, |
| | | Yes | B | The IP block is registered to Westpac with relations to (merger) |
| | Akamai | Yes | blacklisted | IP is owned by Akamai |
| | | No | B | The IP block is registered to the financial institution. No 3rd-party resources |
| | Nextgen Networks | No | B | IP is owned by Nextgen Networks. Two image (gif) requests, one to and one to |
| | | Yes | B | IP owned by Data Action Pty Ltd. Requests to and |
| | Akamai | Yes | A+ | IP is owned by Akamai |
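
The "3rd party assets without Subresource Integrity" column can be checked mechanically. The sketch below is an added example, not the gist author's tooling: it parses a login page's HTML and lists scripts and stylesheets loaded from another hostname without an `integrity` attribute. The page URL, hostnames and HTML are constructed, and treating any different hostname as third party is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class SRIAudit(HTMLParser):
    """Collect cross-host <script src> and stylesheet <link> tags lacking integrity=."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # valueless attributes arrive as None
        if tag == "script":
            ref = a.get("src")
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            ref = a.get("href")
        else:
            return
        if not ref:
            return  # inline script or empty reference: nothing is fetched
        url = urljoin(self.page_url, ref)  # resolves relative and //host/ forms
        host = urlparse(url).hostname
        # Assumption: any hostname other than the page's own counts as third party.
        if host and host != self.page_host and not a.get("integrity", "").strip():
            self.findings.append((tag, url))


def audit(page_url, html):
    """Return [(tag, absolute_url), ...] for third-party assets without SRI."""
    parser = SRIAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample login page (hypothetical hosts, not taken from any bank).
SAMPLE_URL = "https://login.bank.example/signin"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="stylesheet" href="https://cdn.example.net/theme.css">
<script src="https://cdn.example.net/lib.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="//analytics.example.org/tag.js"></script>
<script>var inline = 1;</script>
</head><body><form><input type="hidden" name="t"></form></body></html>
"""

if __name__ == "__main__":
    for tag, url in audit(SAMPLE_URL, SAMPLE_HTML):
        print(f"{tag} without integrity: {url}")
```

The check only sees assets referenced in the static HTML; resources injected by scripts at runtime would need a browser-based crawl.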