-
According to [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) "The Strict-Transport-Security header is ignored by the browser when your site is accessed using…
-
https://qubes-os.org redirects to an insecure page: http://www.qubes-os.org/. `http://qubes-os.org` should immediately redirect to `https://qubes-os.org` (and then to https://www.qubes-os.org) Take a …
ghost updated
7 years ago
-
cc @jsha @pde @J0WI @diracdeltas @jeremyn @gloomy-ghost
This release fixes a race condition that effects the setting of global variables. See https://github.com/EFForg/https-everywhere/pull/12268
…
-
The preload list for Firefox Aurora [hasn't been updated since April](https://hg.mozilla.org/releases/mozilla-aurora/log/tip/security/manager/ssl/nsSTSPreloadList.inc). We'll need to point hsts-prune …
-
An article on your site contains a recommended HSTS header value that includes `preload` in the only example: https://docs.nextcloud.com/server/9/admin_manual/configuration_server/harden_server.html
…
-
Hi Cyphers,
There is a problem on the official website's SSL / TLS certificate for the Chrome browser (maybe others as well).
If you browse to:
- https://cyph.ws/, you'll get a Chrome certifica…
-
Whenever I'm accessing Wikipedia via firefox there seems to be no https ruleset for it.
Strangely enough, when I access Wikipedia via chrome, there IS a ruleset for it.
Is it normal?
ghost updated
7 years ago
-
### Expected behaviour
All settings are OK.
### Actual behaviour
Nextcloud print out in the admin options, that nginx don't provide HSTS, but I have set up it in the nginx config. It's a modified…
-
I'm now getting console errors when checking the status of a domain:
```
From URL parameter: google.com
view.js:92 Uncaught TypeError: Cannot set property 'textContent' of null
at PreloadVie…
-
Submitting [a website](https://istheinternetdown.com/) which supports HTTP/2 fails with "Error: Invalid Certificate Chain".
![](https://cloud.githubusercontent.com/assets/111870/17674995/d8ee5e8a-62f…