I snap researched it today. Its antique, no contest and no use to bother with it of the last windows 5+ version.
How to fix this one single CRITICAL cookie set by JavaScript should not be sent over HTTP This critical test executed in ≈265ms and failed for the following reason: The cookie was sent to the server.
It must be a bug, when I click on the link it automatically opens https. Considering I have port 80 blocked, it is not possible. Edge most likely switches to https and the test just checks, if the cookie was sent or not.
It's gotta be since I not been able to scratch that one display no matter what. Really of no definite concern since safe browsing is the priority and rarely venture away to potential murky sites.
Version 93 Firefox today with no extensions. https://www.wilderssecurity.com/threads/new-firefox-browser-version-released.361562/page-150
https://browseraudit.com/ IP: 146.169.2.218 - Many other domain name variations match this IP address but seem to redirect to the same browseraudit software. (Reverse DNS: browseraudit.doc.ic.ac.uk) Code: 365,18,1,20 Microsoft Edge 98.0.1108.56 (Official build) (arm64) All Extensions Disabled. 354,29,1,20 Google Chrome 98.0.4758.102 (Official Build) (arm64) All Extensions Disabled. 374,10,0,20 Mozilla Firefox 97.0.1 (64-bit) Safe Mode. 359,21,0,24 Apple Safari 15.3 17612.4.9.1.8 No Extensions Installed. 363,18,0,23 Tor Browser 11.0.6 (based on Mozilla Firefox 91.6.0esr) (64-bit) As Installed. Tested on a macOS 12.2.1 (21D62) Monterey - M1 Pro/ARM64 MBP18,1 platform. Reference: BrowserAudit: Automated Testing of Browser Security Features Last Edit Date: 17-February-2022, Updated Firefox & Edge.
Warning 10 Critical 2 Skipped 20 in Critical: Allowparent: document.domain = "browseraudit.com", child: document.domain = "browseraudit.com" DO you know any way to combat it?
Code: 361,22,1,20 Google Chrome 98.0.4758.109 (Official Build) (arm64) All Extensions Disabled. Reference: BrowserAudit - How secure is your browser? Last Edit Date: 22-February-2022, Updated Google Chrome.
FWIW: Code: 365,18,1,20 Google Chrome Version 99.0.4844.51 (Official Build) (arm64) All extensions disabled. Last Edit Date: 1-March-2022, Updated Google Chrome.
Code: 374,10.0.20 Mozilla Firefox 97.0.2 (64-bit) Safe Mode. Last Edit Date: 4-March-2022, Updated Mozilla Firefox.
Hello @IvoShoen Although your result had to be the product of a Firefox beta (98.0b9 ?), I hope Mozilla's release version won't have lost any of it security. It would be no easy task to see if the BrowserAudit developers update their code as they don't seem very chatty... As Mozilla's Firefox is my browser of choice, I do appreciate your post.
Here is Firefox 97.0.2--unsandboxed. Four warnings related to "WebSocket connecting...." and the rest were kind of scattered around. I'm pretty satisfied with these results. Spoiler: ff97.0.2
This test can provide guidance, but should NOT be considered as "non plus ultra". If I am not mistaken, it is still 7 years old. In addition, still considering the year 2015, some safety issues are not taken into account: Source: https://331.cybersec.fun/browseraudit.pdf
Well, OK, so we can't place the same value on any results as we could 7 years ago, but can any value be placed at all? Speaking for myself, I would have no clue as to what is still relevant today upon looking at the individual test components.
If I remember correctly, there are 400 tests, so it is a bit difficult to say which of them are more representative today than 7 years ago. Personally I think today security is quite related to privacy. Probably 7 years ago they were two concepts more divergent than today. Personally I think it's fundamental in browsers to reduce the exposure to insecure cipher suites. I would like to recommend that W. members take the test: https://browserleaks.com/ssl A test like BrowserAudit won't consider this trick. Can BrowserAudit detect whether my Edge at IL appcontainer in a Windows OS is more secure than another Edge at higher IL? Etc.....etc...
Thanks for the reply. It's enough to where I can no longer have confidence in BrowserAudit. The browserleaks link did show a similar and good result. I'll just keep Firefox rigorously updated and make sure my uBO lists are up to date as well; that should be enough.
I have reduced in my Edge the Insecure Chiper Suites to 1: With Firefox it is much easier to do this. Of course you have to check if all the websites you visit are reachable.
Is this Browser Audit still pretty relevant? I specifically mean not so much EDGE but straight on Chrome-Firefox etc