encrypt.to icon indicating copy to clipboard operation
encrypt.to copied to clipboard

Published 20 hours ago verified publisher icon encrypt-to

HTTPS only

Open mozfreddyb opened this issue 5 years ago • 0 comments

There are some security risks with allowing your website to just work on plain HTTP. I recommend you configure encrypt.to that it

  • responds to HTTP requests with redirects to https://encrypt.to
  • sets the Strict-Transport-Security header, so that the browser will remember to prefer HTTPS
  • uses secure cookies

As a benefit, you might be able to work yourself up in bad rating you currently get at https://observatory.mozilla.org/analyze/encrypt.to

mozfreddyb avatar May 13 '19 08:05 mozfreddyb