-
This may be working as intended, but just in case it's not: After our brief Twitter discussion on sites often failing to validate after a period of time, I tried out `hstspreload batch` again, and I n…
-
`securedrop.org` is included in the HSTS preload list, and preloaded for both Chromium and Firefox:
https://hg.mozilla.org/releases/mozilla-aurora/raw-file/tip/security/manager/ssl/nsSTSPreloadList…
-
Please support HSTS against protocol downgrade attacks.
As far as I know, some internet service provider in China like hijacking HTTP connection for monitoring and inserting ADs. So they can modify t…
-
Be quite beneficial to include public key pinning information in the api status response when I query:
https://hstspreload.appspot.com/api/v2/status?domain=0.me.uk
.
-
When scanning a website only responding with https:
> hstspreload.appspot.com✓
> Host: example.com
> Preloaded: Yes
> Notes: This site's HSTS header does not meet current preloading requireme…
-
Currently the site is constrained by it's platform (Cloudfront) and cannot support sending the HTTP Strict Transit Security headers. This means:
1. We are out of full compliance with [the Federal HTTP…
-
The current ```nginx.conf``` (as of commit ```8d238de```) does not properly redirect/rewrite from ```https://plex.domain.xyz/``` to ```https://plex.domain.xyz/web/index.html``` when using Chrome 57. I…
-
### Steps to reproduce
1. downloaded from the website
2. installed, configured username and password and database.
3. nextcloud is displayed incorrectly and does not work if logged immediately a…
azm9s updated
7 years ago
-
NWebSec will generate `Strict-Transport-Security` header with `includeSubdomains` directive. According to validator at https://hstspreload.appspot.com the proper capitalization for this directive is `…
-
### Description:
Attempting to connect via HTTPS to the main mithril site gives an error.
### Steps to Reproduce:
Go to https://mithriljs.org/
### Expected:
see the site
### Actual:
…
IBwWG updated
7 years ago