-
My domain was manually listed here & there since the beginning of HSTS Everywhere. It was listed on this project and you can check here - https://hstspreload.org/?domain=thecustomizewindows.com
Now …
-
Hi everyone!
I think the redirector module should use the `301 Moved Permanently` redirect instead of `308 Permanent Redirect` as `308` confuses some HTTPS testing sites (e.g. hstspreload.appspot.com…
-
Traceback (most recent call last):
File "/usr/bin/pshtt", line 9, in
load_entry_point('pshtt==0.1.5', 'console_scripts', 'pshtt')()
File "/usr/lib/python2.7/site-packages/pshtt/cli.py", li…
-
HSTS Preload API seems to be moved to hstspreload.org, originally at hstspreload.appspot.com.
CSP is blocking the 3rd party HSTS preload call, because
```
Refused to connect to 'https://hstspre…
spaze updated
7 years ago
-
**Hi added the CSP Module on my ExpressJS application and a security scan found this:**
I do not know, it depends on csp ?
```
This page contains an error/warning message that may disclose s…
-
Without HSTS or HSTS being preloaded a user would need to first connect to the website to retrieve the key then to connect again, something that wont happen if the HSTS header is preloaded. Right now …
-
StackExchange is [slowly rolling out site-wide HTTPS support](https://meta.stackexchange.com/q/292058/262861). Per [user2428118's report](https://meta.stackexchange.com/a/292334/262861), the HTTPS Eve…
-
From README:
"Enables HSTS preloading. If you register your application with Google's HSTS preload list, Firefox and Chrome will never load your site over a non-secure connection."
See hstsprel…
-
This is telling me I have active mixed content with a particular plugin called WP Portfolio since I am not using it I disabled it, ran the test again and same message.
I then deleted the plugin and…
-
**What is the current behavior?**
The [HSTS defaults](https://github.com/roots/trellis/blob/cbe647a26a95126a3cf7fd8ace7f1f2f0454adf0/roles/nginx/defaults/main.yml#L12) include
`nginx_hsts_preload:…