Closed msrrkusrccom closed 7 years ago
I kind've hate to say this but security doesn't really matter for this site. Nobody is entering any important data such as passwords or credit card numbers, so there's nothing for a hacker to steal. The worst case scenario is a hacker could do an MITM attack and redirect users to some other site or something, but why would they?
Additionally, the host I'm using, netlify, doesn't allow fixing any of this without enabling HSTS, which i don't want to do because some other stuff I run doesn't use https. But thanks for the issue anyways.
Ok, I went ahead and enabled HSTS...it now gets a D https://observatory.mozilla.org/analyze.html?host=specdb.markasoftware.com the other stuff is not configurable and matters less.
It has a very poor mark (F) in the Mozilla Observatory https://observatory.mozilla.org/analyze.html?host=specdb.markasoftware.com