Problem with HTTPS of the forum

Firefox reveals that the forum is only partially encrypted, it is a problem that has been around for some time.

https forumpt
I think it’s important to report this to you.

yup, mixed contents means site is fine but part of it not https like images for example — maybe i am wrong so correct me

2 Likes

The point was if you link stuff (in this case an image fom an external site) an attacker could intercept and substitute the linked image. Its just that. The site itself is fine.

1 Like

I only see one insecure (http) connection in the developer tools, and the server responded with a 301 (permanent redirect) to it’s encrypted version:

http://cdn-forum.privacytools.io/uploads/default/original/2X/8/85d44c7abe616fa958642f933cfc4c7affea9cdd.svg

https://cdn-forum.privacytools.io/uploads/default/original/2X/8/85d44c7abe616fa958642f933cfc4c7affea9cdd.svg

forcing https from the start with https everyware fix this

1 Like

I use already HTTPS Everywhere.

yes you need to enable hsts

How can I enable HSTS?

HSTS is enabled for privacytools.io (preloaded, with subdomains).

Oops, sorry it took me a bit to get around to investigating this. It should be fixed now, thanks for reporting.

3 Likes