Closed by gbinal 7 years ago
segurosocial.gov uses a `<meta>` tag for a redirect, instead of a (best practice) server-side redirect. We only detect server-side redirects.
segurosocial.gov loads a web page, whose HTML is this:
```html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>SEGUROSOCIAL</TITLE>
<META content="text/html; charset=windows-1252" http-equiv=Content-Type>
<META content="MSHTML 5.00.2314.1000" name=GENERATOR>
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://www.socialsecurity.gov/espanol">
</HEAD>
<BODY aLink=#ff0000 bgColor=#ffffff link=#000ff text=#000000 vLink=#0000ff>
</BODY></HTML>
```
(In fact, the redirect is insecure: it redirects people to an http:// URL.)
I guess we should decide whether to detect meta refresh tags. So far, neither DHS nor GSA are willing to recognize them as redirects for the purposes of HTTPS detection. It may be more reasonable to detect them as redirects for DAP eligibility.
A response to this:
I'd recommend detecting such cases as redirects for DAP eligibility only.
This URL was added to the ineligible list, so is no longer showing in the report.
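A scanner that only follows HTTP status codes and `Location` headers never sees this kind of redirect, because it lives in the response body. The sketch below is an added example, not code from this project: `MetaRefreshFinder` and `find_meta_redirect` are hypothetical names, and the sample markup is an abridged copy of the HTML quoted in the issue. It extracts a meta refresh target and reports whether the destination is HTTPS.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: abridged copy of the markup quoted in the issue.
SAMPLE_HTML = """<HTML><HEAD><TITLE>SEGUROSOCIAL</TITLE>
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://www.socialsecurity.gov/espanol">
</HEAD><BODY></BODY></HTML>"""

# content="<seconds>[; url=<target>]". Browsers tolerate a missing "url="
# prefix and quotes around the target, so the pattern accepts both.
_CONTENT_RE = re.compile(
    r"""^\s*(\d+)(?:\.\d*)?\s*(?:[;,]\s*(?:url\s*=\s*)?['"]?(.*?)['"]?\s*)?$""",
    re.I | re.S,
)


class MetaRefreshFinder(HTMLParser):
    """Collects (delay_seconds, raw_target_or_None) for each meta refresh tag."""

    def __init__(self):
        super().__init__()
        self.refreshes = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = _CONTENT_RE.match(a.get("content", ""))
        if m:
            self.refreshes.append((int(m.group(1)), m.group(2) or None))


def find_meta_redirect(base_url, html):
    """Return the first meta refresh that navigates elsewhere, or None."""
    finder = MetaRefreshFinder()
    finder.feed(html)
    for delay, target in finder.refreshes:
        if target is None:
            continue  # a bare delay only reloads the same page
        dest = urljoin(base_url, target)  # resolve relative targets
        return {"delay": delay, "target": dest,
                "https": urlsplit(dest).scheme == "https"}
    return None
```

Reporting this result separately from the server-side redirect chain lets a report count it for one purpose (such as DAP eligibility) without counting it for HTTPS detection.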