I like how he quotes securityheaders.com with 2 “happy findings” and 8 “not so happy findings” and then comes out with: "I quote: “www.healthcare.gov scores worse than approximately 50% of sites out there.”. "
Of course, that’s useless without actually looking at the findings. Several of the results either aren’t actually security issues or may not be security issues depending on how the site is actually structured. And yet, he’s quoting it without any examination as though they’re an authoritative site and that it proves his point…
