The Freedom of the Press Foundation has published the results of research into the security of top news websites. Topping the list is the Intercept which managed to earn itself an A+ rating, while the Guardian was a close second with A-.
Both sites scored highly for their support for HTTPS, and the fact that they defaulted to a secure connection to keep visitors safe. Both also feature HSTS, but the Intercept was awarded extra points for using HSTS pre-loading. While the top of the chart makes for thought-provoking reading, it’s also interesting to look further down the rankings where there are some surprisingly big names.
The Freedom of Press Foundation found that just 28 percent of the news sites it looked at offered HTTPS connections, and only half of these used the more secure connection by default. Notable names that failed to default to HTTPS include the New York Times, the Verge, BBC and Time.
There are a worrying number of well-known news sites that fail to offer an HTTPS option at all — earning them a rating of F. These include the Wall Street Journal, the Times, Sky News, Huffington Post and Reuters. The Freedom of the Press Foundation explains that the security features it has chosen to look at are important not only to help ensure that web connections are not spied upon, but also to help prevent censorship. Some sites, it would appear, still have a lot of work to do.
Take a look at the full chart rundown over on the Secure the News website.
Image credit: ktsdesign / Shutterstock