It seems that online security measures at New York City’s airports are lacking.

John F. Kennedy International (JFK), Newark Liberty International (EWR), and LaGuardia (LGA) are identified as some of the least secure airports in terms of their website protections, putting travelers’ credit card information, travel plans, and other private data at risk.

This finding comes from a recent study conducted by VeePN, a company specializing in digital privacy, which evaluated the security of websites for 31 major airports across the United States.

The assessment focused on the security headers—these are HTTP response directives sent from a server to a browser, guiding secure management of website content. Security headers play a vital role in defending against potential cyber threats.

Additionally, VeePN considered the robustness of each airport’s SSL security, which is crucial for maintaining the confidentiality and integrity of data, making it harder for hackers to intercept.

Each airport was scored on both aspects and received an overall rating out of 100.

They found a major discrepancy in airport security among airports. “These results show significant variation in airport website security across the U.S,” declared Anthony Brown, a Web Software Developer at VeePN. “The difference between the highest and lowest scores is quite stark at almost 50 points.”

To wit, top performing flight hub Miami International Airport scored an impressive 97.5 out of 100 with an A grade for security headers and an A+ for SSL.

By contrast, the two worst performers — Daniel K. Inouye International Airport in Honolulu, Hawaii and Phoenix Sky Harbor International Airport near Phoenix, Arizona — received a score of just 50 of out of 100.

They also both received Fs in the Security Headers category.

Meanwhile, the Big Apple three had particularly porous cyber defenses. John F. Kennedy International (JFK), Newark (EWR) and LaGuardia (LGA) all scored just 57.5 out of 100 and Fs when it came to having watertight security headers.

In fact, a total of 12 airports failed this metric.

“These F grades in security headers highlight a widespread vulnerability among many of America’s busiest air travel hubs,” Brown said. “Many of the airports with lower scores could make simple improvements to boost their security considerably. Updating security headers is a straightforward fix that would benefit many of the lower-ranked websites.”  

Thankfully, the nation’s flight hubs performed markedly better in the SSL Labs category, with 23 of the 31 airports receiving an A or A+ grade.

“Airport websites often handle sensitive traveler information and reservations, making their digital security particularly important,” Brown concluded. “The best-performing airports demonstrate that achieving high security standards is possible, and others should follow their example.” 

The ten airports with the most secure websites

1. Miami International Airport, Florida (97.5)
2. San Diego International Airport, California (95)
3. Fort Lauderdale-Hollywood International Airport, Florida (92.5)
4. Denver International Airport, Colorado (90)
5. Orlando International Airport, Florida (90)
6. Logan International Airport, Massachusetts (87.5)
7. Dallas Forth Worth International Airport, Texas (85)
8. Charlotte Douglas International Airport, North Carolina (85)
9. Detroit Metropolitan Airport, Michigan (82.5)
10. Salt Lake City International Airport, Utah (82.5)

The ten airports with the least secure websites

1. Phoenix Sky Harbor International Airport, Arizona (50)
2. Daniel K. Inouye International Airport, Hawaii (50)
3. Harry Reid International Airport, Nevada (57.5)
4. Nashville International Airport, Tennessee (57.5)
5. LaGuardia Airport, New York (57.5)
6. George Bush Intercontinental Airport, Texas (57.5)
7. Newark Liberty International Airport, New Jersey (57.5)
8. John F. Kennedy International Airport, New York (57.5)
9. Tampa International Airport, Florida (65)
10. Seattle-Tacoma International Airport, Washington (72.5)