Website review fin1te.net
Latest Posts – Jack
Generated on March 27 2026 04:22 AM
Old data? UPDATE !
The score is 69/100
SEO Content
Title
Latest Posts – Jack
Length : 19
Perfect, your title contains between 10 and 70 characters.
Description
Bug Bounty & Application Security
Length : 33
Ideally, your meta description should contain between 70 and 160 characters (spaces included). Use this free tool to calculate text length.
Keywords
bugbounty, websec
Good, your page contains meta keywords.
Og Meta Properties
Good, your page take advantage of Og Properties.
| Property | Content |
|---|---|
| locale | en_US |
| type | article |
| title | Jack Whitton - Latest Posts |
| description | Bug Bounty & Application Security |
| url | https://whitton.io/ |
| site_name | Jack |
Headings
| H1 | H2 | H3 | H4 | H5 | H6 |
| 6 | 8 | 14 | 11 | 0 | 0 |
- [H1] Jack
- [H1] From Bug Bounty Hunter, to Engineer, and Beyond
- [H1] Obtaining Login Tokens for an Outlook, Office or Azure Account
- [H1] Uber Bug Bounty: Turning Self-XSS into Good-XSS
- [H1] An XSS on Facebook via PNGs & Wonky Content Types
- [H1] Messenger.com Site-Wide CSRF
- [H2] Latest Posts
- [H2] “Old-School” Bug Bounty
- [H2] Joining Facebook
- [H2] Finding Bugs as an Engineer
- [H2] The Future
- [H2] Thank You
- [H2] Fix
- [H2] Timeline
- [H3] First Reward
- [H3] Ramping Up
- [H3] Facebook Bug Bounty
- [H3] “Everything is a P0”
- [H3] Running a Program
- [H3] Researcher Engagement
- [H3] Visualing Code
- [H3] Empathy
- [H3] Reward Amounts
- [H3] Fun with URL-Encoding and URL Parsing
- [H3] Self-XSS
- [H3] Uber OAuth Login Flow
- [H3] Chaining Minor Bugs
- [H3] Putting It All Together
- [H4] Jack
- [H4] Step 1. Logging Out of Only One Domain
- [H4] Step 2. Logging Into Our Account
- [H4] Step 3. Switching Back to Their Account
- [H4] PNG IDAT Chunks
- [H4] Bypassing Link Shim
- [H4] Moving from the Akamai CDN hostname to *.facebook.com
- [H4] Enter document.domain
- [H4] Fix
- [H4] Bonus ASCII Art
- [H4] Fix
Images
We found 36 images on this web page.
34 alt attributes are empty or missing. Add alternative text so that search engines can better understand the content of your images.
Text/HTML Ratio
Ratio : 54%
Ideal! This page's ratio of text to HTML code is between 25 and 70 percent.
Flash
Perfect, no Flash content has been detected on this page.
Iframe
Great, there are no Iframes detected on this page.
SEO Links
URL Rewrite
Good. Your links looks friendly!
Underscores in the URLs
Perfect! No underscores detected in your URLs.
In-page links
We found a total of 65 links including 3 link(s) to files
| Anchor | Type | Juice |
|---|---|---|
| Home | External | Passing Juice |
| About | Internal | Passing Juice |
| All Posts | External | Passing Juice |
| All Tags | External | Passing Juice |
| _robson_ | External | Passing Juice |
| April 19, 2020 | External | Passing Juice |
| Jack | External | Passing Juice |
| “the other side” | External | Passing Juice |
| “The List” | External | Passing Juice |
| valid finding on large programs | External | Passing Juice |
| their leaderboard | External | Passing Juice |
| interesting posts | Internal | Passing Juice |
| IDORs | External | Passing Juice |
| click here | External | Passing Juice |
| Bug Bounties and Mental Health | External | Passing Juice |
| April 03, 2016 | External | Passing Juice |
| awesome OAuth CSRF in Live | External | Passing Juice |
| login.live.com | External | Passing Juice |
| login.microsoftonline.com | External | Passing Juice |
| login.windows.net | External | Passing Juice |
| outlook.office.com | External | Passing Juice |
| https://login.microsoftonline.com/login.srf?wa=wsignin1.0&rpsnv=4&wreply=https%3a%2f%2foutlook.office.com%2fowa%2f&id=260563 | External | Passing Juice |
| POST | External | Passing Juice |
| URL-encoding | External | Passing Juice |
| [email protected] | Internal | Passing Juice |
| syntax of a URL | External | Passing Juice |
| quite familiar with | Internal | Passing Juice |
| March 22, 2016 | External | Passing Juice |
| Partners portal | External | Passing Juice |
| Cross-Site Scripting | External | Passing Juice |
| OAuth | External | Passing Juice |
| @homakov’s awesome guide | External | Passing Juice |
| Content Security Policy | External | Passing Juice |
| January 27, 2016 | External | Passing Juice |
| CDN | External | Passing Juice |
| captioning feature of Videos | External | Passing Juice |
| X-Content-Type-Option | External | Passing Juice |
| @phwd | External | Passing Juice |
| much related finding | External | Passing Juice |
| Exif | External | Passing Juice |
| iTXt chunks | External | Passing Juice |
| “Encoding Web Shells in PNG IDAT chunks” | External | Passing Juice |
| IDAT | External | Passing Juice |
| proof-of-concept image | External | Passing Juice |
| XSS ready PNG | External | Passing Juice |
| DEFLATE | External | Passing Juice |
| LinkShim | External | Passing Juice |
| fnt.pe | External | Passing Juice |
| HTTPOnly | External | Passing Juice |
| document.domain | External | Passing Juice |
| X-Frame-Options | External | Passing Juice |
| Page Plugin | External | Passing Juice |
| XHR | External | Passing Juice |
| Try it out yourself | External | Passing Juice |
| July 26, 2015 | External | Passing Juice |
| @mazen160 | External | Passing Juice |
| blogged about it | External | Passing Juice |
| Messenger.com | External | Passing Juice |
| Cross-Site Request Forgery | External | Passing Juice |
| 2 | External | Passing Juice |
| 3 | External | Passing Juice |
| 4 | External | Passing Juice |
| 5 | External | Passing Juice |
| Jekyll | External | noFollow |
| HPSTR Theme | External | noFollow |
SEO Keywords
Keywords Cloud
code program bugs user request bug account now from facebook
Keywords Consistency
| Keyword | Content | Title | Keywords | Description | Headings |
|---|---|---|---|---|---|
| bug | 36 |  |
 |
|
|
| from | 33 | |
|
|
|
| 28 | |
|
|
|
|
| account | 25 | |
|
|
|
| bugs | 22 | |
|
|
|
Usability
Url
Domain : fin1te.net
Length : 10
Favicon
Great, your website has a favicon.
Printability
We could not find a Print-Friendly CSS.
Language
Good. Your declared language is en.
Dublin Core
This page does not take advantage of Dublin Core.
Document
Doctype
HTML 5
Encoding
Perfect. Your declared charset is UTF-8.
W3C Validity
Errors : 0
Warnings : 0
Email Privacy
Great no email address has been found in plain text!
Deprecated HTML
Great! We haven't found deprecated HTML tags in your HTML.
Speed Tips
|
Excellent, your website doesn't use nested tables. |
|
Too bad, your website is using inline styles. |
|
Great, your website has few CSS files. |
|
Perfect, your website has few JavaScript files. |
|
Perfect, your website takes advantage of gzip. |
Mobile
Mobile Optimization
|
Apple Icon |
|
Meta Viewport Tag |
|
Flash content |
Optimization
XML Sitemap
Great, your website has an XML sitemap.
| https://whitton.io/sitemap.xml |
Robots.txt
https://fin1te.net/robots.txt
Great, your website has a robots.txt file.
Analytics
Missing
We didn't detect an analytics tool installed on this website.
Web analytics let you measure visitor activity on your website. You should have at least one analytics tool installed, but It can also be good to install a second in order to cross-check the data.
PageSpeed Insights
Device
Categories
Free SEO Testing Tool
Free SEO Testing Tool is a free SEO tool which provides you content analysis of the website.