SSL & Headers Issues in corber.io website #689
Description
Read https://docs.github.com/en/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https on how to fix some of the issues below.
- ssl cert error for https://corber.io/
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for corber.io. The certificate is only valid for the following names: *.github.com, github.com
- ssl cert error for https://www.corber.io/
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for www.corber.io. The certificate is only valid for the following names: www.github.com, *.github.com, github.com, *.github.io, github.io, *.githubusercontent.com, githubusercontent.com
-
no HSTS, the server need to send this header when visiting the site over HTTPS.
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload -
Missing redirect from http to https in domains:
https://corber.io/
https://www.corber.io/ -
no HSTS preload:
after fixing above issues, apply for preloading here:
https://hstspreload.org/?domain=corber.io -
Disable FLOC with header on all domains:
Permissions-Policy: interest-cohort=()
About FLOC: https://plausible.io/blog/google-floc