Comments (3)
@noisyneighbor Can you share the website you're checking? This would make it easier to debug. You can email the URL to [email protected] if you're not comfortable posting it publicly, but I recommend just posting it publicly to make discussion easier.
from pulse.
from pulse.
@noisyneighbor it looks like you are missing the HSTS header on the root:
$ curl --head https://webmail.cdc.gov
HTTP/1.0 302 Found
Location: https://webmail.cdc.gov/owa/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
If you're seeing something different, it might be because you're scanning from inside the firewall and have different DNS for internal services?
Right now, Pulse (and DHS) look for the HSTS header at the root, rather than at a redirect destination. If you can get the HSTS header onto the root, that would resolve this.
from pulse.
Related Issues (20)
- Removal of old (no longer used) subdomains HOT 4
- Review as a potential resource for 3rd party services HOT 1
- Sites which require HTTPS client cert auth always show as non-compliant HOT 2
- sslyze results missing for some domains HOT 8
- Deprecated sub-sub-domains below a wildcard display as non-compliant HOT 7
- table sorting not working on a table HOT 1
- Broken link in FAQ HOT 1
- Can't Find the Issues with a Site HOT 2
- Canadian Digital Service changes HOT 6
- Command-line interface HOT 7
- Move from the AWS CLI to boto
- (Likely) Incorrect Development Status classifier in setup.py HOT 2
- Site isn't showing data HOT 4
- Weekly security check 5/31/2018 HOT 3
- Weekly security check 8/14/2018 HOT 3
- Weekly security check 8/23/18 HOT 3
- BLD: Warning to bump Python buildpack HOT 1
- wrong repo
- Pulse does not include legislative agencies HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pulse.