Suggestion: Run HSTS on airvpn.org

[anonym 22]

Hello,

 

I think Air should have HSTS (HTTPS Strict Transport Security) enabled on your website for even more security.

See this article from EFF for more information.

 

Best regards,

 

anonym

[Staff 9972]

Hello!

 

Thanks. You can't load airvpn.org pages in HTTP. HTTPS is forced since years ago.

 

Kind regards

[Strongduck 1]

HSTS tells the Browser that the website shouldn't be visited without TLS under any circumstances. Therefore a MITM Attack without a valid certificate should be much harder. 

[Staff 9972]

Hello,

 

I think Air should have HSTS (HTTPS Strict Transport Security) enabled on your website for even more security.

See this article from EFF for more information.

 

Best regards,

 

anonym

 

Hello!

 

Yes you're right, HSTS is not enabled, we have put it in the things to do very soon.

 

Kind regards

[Staff 9972]

Hello,

 

I think Air should have HSTS (HTTPS Strict Transport Security) enabled on your website for even more security.

See this article from EFF for more information.

 

Best regards,

 

anonym

 

Hello!

 

Implemented. https://www.ssllabs.com/ssltest/analyze.html?d=airvpn.org

 

Kind regards

[anonym 22]

Thanks Staff!

 

The HSTS is much appreciated!

 

Sincerely,

 

anonym

[iwih2gk 93]

 

 

 

 

Hello,

 

I think Air should have HSTS (HTTPS Strict Transport Security) enabled on your website for even more security.

See this article from EFF for more information.

 

Best regards,

 

anonym

Hello!

 

Implemented. https://www.ssllabs.com/ssltest/analyze.html?d=airvpn.org

 

Kind regards

 

Response:

 

After this change your report card from that site jumped from an A to an A+.  That is their assigned grade and not my opinion on the matter.  [smile]