FIFA World Cup 2026 Stadium Websites Riddled With Basic Security Flaws
A security scan conducted on July 3, 2026, assessed the official websites of all 16 FIFA World Cup 2026 host venues across the United States, Canada, and Mexico. Every single stadium site was found to have a weak or missing Content-Security-Policy header, while nine sites had inconsistent or absent HSTS configurations. Hard Rock Stadium in Miami recorded the most severe individual finding, with its session cookie lacking Secure, HttpOnly, and SameSite protections simultaneously. Only one venue, Lincoln Financial Field in Philadelphia, had DNSSEC enabled. MetLife Stadium earned the top grade of 90, while Hard Rock Stadium scored the lowest at 47. Security researchers noted that the vulnerabilities are common and well-understood misconfigurations, highlighting that high web traffic and public prominence do not guarantee robust website security.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
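The header findings in the summary above (weak or missing Content-Security-Policy, absent HSTS, and a cookie lacking Secure, HttpOnly and SameSite) can be checked against a site's own responses. The following is an added example, not the scan's tooling or code from the original article; the function name, the one-year HSTS threshold, the definition of a "weak" policy and the sample headers are assumptions constructed here.

```python
MIN_HSTS_MAX_AGE = 31536000  # assumed threshold (one year, in seconds)

def audit_headers(headers):
    """Return findings for a list of (name, value) response header pairs."""
    by_name, findings = {}, []
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    # CSP: only the first policy is examined (assumes one header per response).
    policies = by_name.get("content-security-policy", [])
    if not policies:
        findings.append("csp: missing")
    else:
        directives = {}
        for part in policies[0].split(";"):
            tokens = part.lower().split()
            if tokens:
                directives.setdefault(tokens[0], tokens[1:])
        sources = directives.get("script-src", directives.get("default-src"))
        # A nonce or hash makes browsers ignore 'unsafe-inline', so it is not flagged then.
        strict = any(s.startswith(("'nonce-", "'sha")) for s in sources or [])
        if sources is None:
            findings.append("csp: scripts unrestricted")
        elif "*" in sources or ("'unsafe-inline'" in sources and not strict):
            findings.append("csp: weak script sources")
    # HSTS: absent, or max-age shorter than the assumed threshold.
    hsts = by_name.get("strict-transport-security", [])
    max_age = 0
    for part in (hsts[0].split(";") if hsts else []):
        key, _, val = part.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            max_age = int(val.strip('"'))
    if not hsts:
        findings.append("hsts: missing")
    elif max_age < MIN_HSTS_MAX_AGE:
        findings.append("hsts: max-age too short")
    # Cookies: every Set-Cookie must carry Secure, HttpOnly and SameSite.
    for cookie in by_name.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        missing = [a for a in ("secure", "httponly", "samesite") if a not in attrs]
        if missing:
            cookie_name = parts[0].partition("=")[0]
            findings.append("cookie %s: missing %s" % (cookie_name, ", ".join(missing)))
    return findings

# Constructed sample responses (not taken from any scanned site).
WEAK = [("Content-Security-Policy", "default-src * 'unsafe-inline'"),
        ("Set-Cookie", "session=abc123; Path=/")]
HARDENED = [("Content-Security-Policy", "default-src 'self'; script-src 'self' 'nonce-r4nd0m'"),
            ("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
            ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax")]
```

Calling audit_headers(WEAK) reports all three classes of finding, while audit_headers(HARDENED) returns an empty list.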