Australian Internet banking and CDNs
Note: I do not care if their home page is on a CDN what matters is that the banking credentials and financial information is end to end encrypted from the financial institution and to your browser. There are no grantees that this is the case even with TLS. TLS might be terminated earlier e.g by a load-balancer or a CDN. I only checked the login pages since I don't have an account in all of the banks, that would be crazy. I tried to use Whois data and HTML headers to determine CDNs. This method is not foolproof so please take it with a grain of salt
Hostname |
CDN / Cloud Firewall |
Uses 3rd party assets without Subresource Integrity |
SSL Labs score |
comments |
internetbanking.suncorpbank.com.au |
Incapsula |
Yes |
A |
IP is owned by Incapsula |
banking3.anz.com |
|
|
B |
IP address owned by ANZ but has relation to "SingTel Optus Pty Ltd". Uses lots of type="hidden" fields on login form, |
banking.wes |
|
|
|
|