I made this graphic using some data from Sqreen. (Yeah, I know it's not a professional one. I am usually able to do better, but I never tried to use bar graphs or histograms, so I was just playing around.)
140 cryptocurrency exchanges have been checked one by one for basic security issues. It doesn't mean these exchanges have vulnerabilities, but they should improve some basic security controls.
Out of the 140 exchanges we analyzed, less than 40% of them are using headers like the Strict-Transport-Security header or the X-XSS-Protection header. 20% expose server information, which isn't a security vulnerability in itself but clearly shows the low level of security best practices implemented. And 26% of them use frontend libraries with known vulnerabilities. Only 2% implemented a Content-Security-Policy that, if done well, can offer powerful protection against clickjacking or XSS.
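
An added example (not from the original post or from Sqreen) of how the header checks mentioned above can be evaluated from a site's response headers and rolled up into percentages. The hostnames and header values are constructed, and the function names and the heuristics for a "done well" CSP are assumptions.

```python
import re

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:  # first occurrence wins
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy

def audit_headers(headers):
    """Return the header findings for one site's response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    hsts = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    csp = parse_csp(h.get("content-security-policy", ""))
    script_src = csp.get("script-src", csp.get("default-src"))  # script-src falls back to default-src
    return {
        "hsts": bool(hsts) and int(hsts.group(1)) > 0,  # max-age=0 disables HSTS
        "x_xss_protection": h.get("x-xss-protection", "").strip().startswith("1"),
        # Heuristic: a version number in Server, or any X-Powered-By, counts as exposure.
        "server_info_exposed": bool(re.search(r"\d", h.get("server", ""))) or "x-powered-by" in h,
        "csp_present": bool(csp),
        # frame-ancestors is the CSP directive that restricts framing (clickjacking).
        "csp_limits_framing": "frame-ancestors" in csp and "*" not in csp["frame-ancestors"],
        # Heuristic: scripts must be restricted, without a wildcard or 'unsafe-inline'.
        "csp_limits_scripts": script_src is not None
            and "'unsafe-inline'" not in script_src and "*" not in script_src,
    }

def summarize(sites):
    """Percentage of sites for which each finding is true."""
    results = [audit_headers(hdrs) for hdrs in sites.values()]
    return {k: round(100 * sum(r[k] for r in results) / len(results)) for k in results[0]}

# Constructed sample data, not taken from any real exchange.
SAMPLE = {
    "exchange-a.example": {"Server": "nginx/1.14.0", "X-Powered-By": "PHP/7.1"},
    "exchange-b.example": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
                           "X-XSS-Protection": "1; mode=block", "Server": "cloudflare"},
    "exchange-c.example": {"Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
                           "Server": "Apache"},
    "exchange-d.example": {"Strict-Transport-Security": "max-age=63072000",
                           "Content-Security-Policy":
                               "default-src 'self'; script-src 'self'; frame-ancestors 'none'"},
}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Site c shows why "if done well" matters: it sends a CSP, but the policy still allows inline scripts and says nothing about framing.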