https://www.wired.com/images/icons/nav/culture.png

Category: News

Keywords: dark twin boson higgs makes media delete reveal scroll social endless privacy elizabeth universes hendersonbob phoneauthor: greenbergandy sectorauthor: handgunsauthor: stinsonelizabeth


Last fetched: 2018-05-20T01:08:52.325949+00:00

HTTP status: 5 Sub-resource URL


TLS/SSL configuration report

TLS score
A

See full SSL/TLS security report for www.wired.com

Security-related HTTP headers

  • Access-Control-Allow-Origin: *

    Controls origins (websites) that are allowed to load data from this web service over JavaScript-based APIs as part of Cross-Origin Resource Sharing (CORS) standard. By default, a web browser will refuse to load data over XmlHttpRequest from a website that is not in the same origin, which is a precaution against various types of data stealing attacks. The target server has to explicitly allow the origin domain using the Access-Control-Allow-Origin (ACAO) header, or it may allow all origins to access it using a wildcard *. The latter however creates a potential security issue if the website in question is transactional and processing sensitive data, so the wildcard should be only used on websites consciously offering public APIs.

    Read more...

  • Strict-Transport-Security: max-age=31536000; preload

    HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header.

    Read more...

Content Security Policy

  • default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/wired
  • default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/wired

Publisher identifiers

The website uses the following advertisement publisher ids:

Fully automated RESTful API is now available. Subscribe for your free trial today!