Increase security of hstspreload.org #174
Comments
Please also add support for TLS 1.3 and OCSP stapling. This would improve both the security and the load time of the website.
The Qualys SSL Server Test now caps the score at B if TLS 1.0 and TLS 1.1 are still supported. Since hstspreload.org still supports these, it scores a B out of a maximum of A+.
I had no idea https://securityheaders.com existed. Along with that and SSL Labs, do you have any other useful tools that server operators can use to verify that their security is up-to-date?
There are many tools out there that you can learn about just by Google searching. That is how I learned about the ones that I am about to list. I am only listing free ones, but I'm sure that there are good paid options out there. For security, there is:
Even though you didn't ask for it, I might as well share some of my other web-related bookmarks. For speed, there is Yellow Lab Tools and GTmetrix. As you can see, there are many things about a website that can be suboptimal. I hope that you find these links useful.
Security Headers gives hstspreload.org a score of D for its use of security headers. Please get the score to A+.
https://securityheaders.com/?q=hstspreload.org&followRedirects=on
The Qualys SSL Server Test points out that hstspreload.org still supports TLS 1.0, TLS 1.1, and several weak cipher suites within TLS 1.2. Please remove support for these. It also wouldn't hurt to set up OCSP stapling.
https://www.ssllabs.com/ssltest/analyze.html?d=hstspreload.org