I surveyed the website security and a few other website technology factors for the candidates for US president. Here is what I found.
Epic fail candidates:
Jim Gilmore, Bobby Jindal, George Pataki – they all ask for donations on an insecure page or one vulnerable to POODLE. I would say these would be a much better insecure server story but none of these are considered major candidates.
Actually support IPv6:
Only Donald Trump, Ted Cruz, Rand Paul, Marco Rubio.
10/21 sites use cloudflare as their CDN! It looks like their is a difference in the plan/traffic tiers some of the candidates are in:
2 endpoints – Ted Cruz, Rand Paul, Mike Huckabee, Bernie Sanders, Jim Webb, Larry Lessig5 endpoints – Marco Rubio, Carly Fiorina, Jeb Bush, Donald Trump
Now, CloudFlare gives you IPv6 and HTTPS for free, but apparently a lot of candidates aren’t bothering to turn them on?
The seemingly most complicated setups go to Hilary Clinton and Chris Christie. I’m not sure they are good setups – they show up as inconsistent to ssllabs. I’m guessing they spent the most money/time on them though.
Other interesting stats
Wordpress – 11/21
Hosting: Amazon AWS – 4/21 – Linode 2/21
Redirects to HTTPS by default for main site – 16/21 (yay! this is the assumed default now – the candidates who don’t are Rick Santorum, George Pataki, Lindsey Graham, Jim Gilmore, Lincoln Chafee)
HSTS – 3/21 have it on, but only Ted Cruz has it on in a consistent way
I’m guessing those who aren’t getting good website advice aren’t getting good campaign advice in general. Not having HTTPS by default seems like it’s a good indicator for you not being a serious candidate. I’m curious if the republican candidates with IPv6 enabled indicates anything about their tech teams and what impact that might have as the field progresses.