floatingatoll
commented
4 years ago The HSTS preload list used by the Observatory is updated occasionally, but not on a day-to-day basis, so the Observatory might not yet reflect that your site is on the preload list.
On Thu, Jan 9, 2020 at 11:24 AM jiggyfiz notifications@github.com wrote:
Hi,
I have been working on improving a couple websites, but it may be Observatory might show incorrect/cached results even though I have forced a rescan.
What is configured (and shown in https://securityheaders.com):
Strict-Transport-Security | max-age=63072000; includeSubDomains; preload
With curl, I get the header as it should be:
< Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
https://hstspreload.org/ verifies that the domain is preloaded as are the subdomains and header continues to meet the requirements.
Thanks in advance for any reply you may have!
This https://observatory.mozilla.org/analyze/wedding.justninja.com is the site in question.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/mozilla/http-observatory-website/issues/210?email_source=notifications&email_token=AAAWUDBKFJPD32Q52C7FJGLQ452YPA5CNFSM4KE5HSC2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IFE2LMQ, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAWUDARNRWHK5GFF2VIYE3Q452YPANCNFSM4KE5HSCQ .
jiggyfiz
Hi,
I have been working on improving a couple websites, but it may be Observatory might show incorrect/cached results even though I have forced a rescan.
What is configured (and shown in https://securityheaders.com):
Strict-Transport-Security | max-age=63072000; includeSubDomains; preload
With curl, I get the header as it should be:
< Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
https://hstspreload.org/ verifies that the domain is preloaded as are the subdomains and header continues to meet the requirements.
Thanks in advance for any reply you may have!
This is the site in question.