WAF as a Compensating Control?

[MClearnsNow]

Hi All,

Can I get someone's take on WAF being a good compensating control for when websites rate lowly on Observatory against the different criteria? It be much appreciated to hear others as it helps to develop my understanding. Thank you!

Let's take Verizon's login portal as an example. https://observatory.mozilla.org/analyze/secure.verizon.com for https://secure.verizon.com/vzauth/UI/Login

P.S. I don't know if they actually use a WAF for their site.

[gene1wood]

@MClearnsNow actually this isn't a great place for this type of question, this repo is focussed on bugs/issues with the code of the site. Could I ask that you direct this to another general security forum?