Mark Dain: Glad to see the rating on securityheaders has gone up from D to B! Nicely done! I did notice the HSTS header contains a preload tag; I did try submitting Sublevel for inclusion in Chromium's list here hstspreload.appspo... but they mandate the includeSubdomains token. Is it possible to add this?
🏒 Lucian Marin I did change the headers, but I'm not sure this is the right thing to do. The bigger the headers, the slower performance will be.
Mark Dain HTTP/2 helps a lot as it compresses headers. I haven't noticed a drop in performance but the site should be far more secure now! The only other thing I noticed is cookies aren't set for the www subdomain so I see the login page; for this you could set up a redirect so nobody uses www.