Bug Type
Security
Reproduction steps
Open site
During the download, you will see the word Redirect
Press Esc and check the code with some network analyzer
You will know that a CDN is being used
Actual result
Open redirect notification, from irrelevant material to the main page - beta.disintar.io
This is very bad, because the design should not give out the processes going on behind the scenes.
You run the risk of catching a distributed DDoS attack, the Cloudflare server in this case will not save the system. When disinator.io is attacked, the redirect chain will be broken, and the main domain will become inaccessible. Yes, it's expensive, but it greatly increases the number of attacker action scenarios (the attack perimeter is larger).
Expected result
Ask the designer to hide the redirect, then no one will know about the existence of the old domain
Suggested Severity
Medium
Device
Desktop (please complete the following information):
Windows 10
Edge/Mozilla
Additional Context
No response
We use Cloudflare not only to quickly deliver content to users, but also to hide the real IP addresses of servers behind Cloudflare, which protects us from any DDoS attacks. I don't really understand the attack vector here?
This notification does not make any sense to the user, but gives information to a potential attacker about the device of the backend system. Cloudflare does not always guarantee complete invulnerability, and there are more vectors (the perimeter is wider).
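A defender-side check for the disagreement above, added here as example code (not part of the project or this thread): given the captured responses of a redirect chain, it lists every hostname the client learns along the way and flags hops that are not served through Cloudflare, using the `cf-ray` and `server: cloudflare` response headers as the marker. The sample chain, the `old-domain.example` name and the header values are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Hop:
    """One HTTP response in a redirect chain (captured headers, lowercase keys)."""
    url: str
    status: int
    headers: dict = field(default_factory=dict)


def fronted_by_cloudflare(hop: Hop) -> bool:
    # Responses proxied by Cloudflare carry a cf-ray id and "server: cloudflare".
    server = hop.headers.get("server", "").lower()
    return "cf-ray" in hop.headers or server == "cloudflare"


def audit_chain(hops: list[Hop]) -> dict:
    """Report the hostnames exposed by the chain and the hops served without the CDN."""
    hosts: list[str] = []
    for hop in hops:
        host = urlsplit(hop.url).hostname
        if host and host not in hosts:
            hosts.append(host)
    unfronted = [hop.url for hop in hops if not fronted_by_cloudflare(hop)]
    redirects = [hop for hop in hops if 300 <= hop.status < 400]
    return {
        "hosts_exposed": hosts,          # every domain a client (or attacker) sees
        "redirect_hops": len(redirects),
        "unfronted": unfronted,          # hops an attack could reach around the CDN
        "leaks_extra_host": len(hosts) > 1,
    }


# Constructed sample chain (not a real capture): an old domain redirecting to the main one.
SAMPLE_CHAIN = [
    Hop("https://old-domain.example/", 301,
        {"location": "https://beta.disintar.io/", "server": "nginx"}),
    Hop("https://beta.disintar.io/", 200,
        {"server": "cloudflare", "cf-ray": "0000000000000000-XXX"}),
]

if __name__ == "__main__":
    print(audit_chain(SAMPLE_CHAIN))
```

A chain with `leaks_extra_host` true or a non-empty `unfronted` list is the condition the report describes: the redirect reveals a second domain, and that hop is not protected by the CDN.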