ethical-web-dev icon indicating copy to clipboard operation
ethical-web-dev copied to clipboard

Published 20 hours ago verified publisher icon ascott1

ethicalweb.org not using HSTS

Open konklone opened this issue 8 years ago • 2 comments

https://www.ssllabs.com/ssltest/analyze.html?d=ethicalweb.org

And I know why - it's a CloudFront and S3 application. There's no way to do HSTS with that setup, because neither the S3 origin nor CloudFront lets you add custom headers.

If you intend to have ethicalweb.org support HSTS, you'll need to move the app somewhere else. Otherwise, perhaps you could badger AWS as a customer to add explicit HSTS support to S3 websites or to CloudFront.

konklone avatar Aug 29 '16 03:08 konklone

👍 Good catch. This site is a place where I should be eating my own dog food.

I'm going to start with the badgering option, since most of my free time is going in to writing the titles.

ascott1 avatar Aug 29 '16 12:08 ascott1

There's always CloudFlare

graingert avatar Sep 08 '16 18:09 graingert