Sorry to see no progress made to improve our security yet.
Today, there is no such thing as non-sensitive web traffic. By simply always using HTTPS
, both people and browsers can make safer assumptions about secure connections.
If you run a web site, you can make it default to HTTPS for everyone, not just HTTPS Everywhere users. And it's less work! The steps you should take, in order, are:
- Set up a redirect from HTTP to HTTPS on your site.
- Add the Strict-Transport-Security (HSTS) header on your site.
- Add your site to the HSTS Preload list.
HTTPS certificates are 100% free and can be instantly obtained. See https://www.startssl.com/Support?v=1
to secure your web traffic and mail service now.
These steps will give your site much better protection. It's not if, but when this site is compromised. Please give us HTTPS soon!