Security headers on Wilders

Discussion in 'Forum Related Discussions' started by BoerenkoolMetWorst, Jan 13, 2016.

  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    Frankly, I've never even heard of most of those things it's testing. And, I just tested a lot of other sites and they all got an E. DSLR, XenForo's own home site, Eset's forum (well, that was an F). So, I don't know what this is doing, but, I'm not going to worry about it at this point if everyone is "failing".
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    Okay, now I know this is off. https://centminmod.com/ also got an E. That is eva2000's site. He's one of the foremost webserver guys out there. He pretty much wrote the book on webserver tech.
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Hmm. Facebook and Twitter for example both score an A.
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    Well, I'd expect mega corps to have servers and networks on the leading edge. Those of us with small, single boxes that we configure on our own have a lot less technology at our fingertips. I've checked a lot of other sites our size and they all are E or F.
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
  7. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    My domains get A+. Security is always a moving target, so it's easy to get caught out by tests like these if you stop updating config files for modern practices even for 1 year.
     
  8. guest

    guest Guest

    Malwaretips.com got D, we use XenForo as well.
     
  9. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I wouldn't worry too much. Most of these are optional extras as listed on ssllabs, where wilders scores an A (when ignoring trust).
     
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    I was under the impression it is just a software configuration. And sometimes especially the bigger corps are hesitant to roll that out because lots more users will be impacted if something goes awry.

    Only 2 of them are listed on SSLLabs because they are SSL/TLS related. The others aren't; see, for example, when you test Wilders on HTTP:
    https://securityheaders.io/?q=https://www.wilderssecurity.com/
    EDIT: Somehow the link in my post automatically changes the test url to HTTPS :S
     
  11. Brosephine

    Brosephine Registered Member

    Joined:
    Dec 4, 2015
    Posts:
    181
    Location:
    Metropolis
    @BoerenkoolMetWorst @elapsed @LowWaterMark
    I'm glad I found this thread because I've been really confused about my connection here!

    I just scanned this site at securityheaders.com as well. The HTTP version received an A+ and HTTPS got a B.

    So what's the solution? Simply go to HTTPS of the site and create an exception or just surf the HTTP version??
     
  12. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Uhm, whichever you want? It doesn't matter what a website scores, it's still more secure using HTTPS than it is HTTP. A website scoring a low HTTPS score doesn't mean "you should avoid this and use HTTP instead". It means that the website has room for improvement. HTTPS will always be better than HTTP no matter what artificial grade or number someone applies to it.
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Nice to see the site now supports most of the tested-for features :)

    @Brosephine
    If you look at the results on Securityheaders, the HTTPS version supports all the same features the HTTP version supports, meaning it is just as secure (even more, obviously, because your traffic is encrypted on HTTPS). The reason the grade is lower is that Securityheaders checks for 2 additional features on HTTPS sites that are related to HTTPS, and so it would make no sense to test for them as well on HTTP sites.
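
The point made in the post above, as an added example that is not part of the thread or of Securityheaders' own code: the same response headers satisfy every check on HTTP but fall short on HTTPS, because two extra checks apply there. The header lists, the choice of `Strict-Transport-Security` and `Public-Key-Pins` as the two HTTPS-only checks, the fraction-style score and the `forum.example` URLs are assumptions; the thread does not name the headers.

```python
from urllib.parse import urlsplit

# Assumed check lists for illustration; not the scanner's actual list.
COMMON = [
    "Content-Security-Policy",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "X-XSS-Protection",
]
# Only meaningful over TLS: browsers ignore HSTS received over plain HTTP.
HTTPS_ONLY = [
    "Strict-Transport-Security",
    "Public-Key-Pins",  # since deprecated by browsers
]


def audit(url, headers):
    """Return (present, missing) for the checks that apply to this URL's scheme."""
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme: {scheme!r}")
    expected = COMMON + (HTTPS_ONLY if scheme == "https" else [])
    # Header names are case-insensitive; an empty value counts as absent.
    seen = {name.lower() for name, value in headers.items() if value.strip()}
    present = [h for h in expected if h.lower() in seen]
    missing = [h for h in expected if h.lower() not in seen]
    return present, missing


def score(url, headers):
    """Checks passed out of checks applicable, e.g. '4/6'."""
    present, missing = audit(url, headers)
    return f"{len(present)}/{len(present) + len(missing)}"


# Constructed response headers, identical on both schemes.
SAMPLE = {
    "content-security-policy": "default-src 'self'",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
}

if __name__ == "__main__":
    for url in ("http://forum.example/", "https://forum.example/"):
        _, missing = audit(url, SAMPLE)
        print(url, score(url, SAMPLE), "missing:", ", ".join(missing) or "none")
```

The lower HTTPS fraction reflects a longer checklist, not weaker protection: every header present on HTTP is still present on HTTPS.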
     
  14. Brosephine

    Brosephine Registered Member

    Joined:
    Dec 4, 2015
    Posts:
    181
    Location:
    Metropolis
    Okay so HTTPS. Thanks.
    Oh I see what you mean. I'm new to all this and am trying to understand it all. Thanks
     