Jump to content

charles_h

Member
  • Posts

    4
  • Joined

  • Last visited

Everything posted by charles_h

  1. bumping this. can someone from squarespace please comment on this?
  2. Site URL: https://www.havenconnect.com currently squarespace does not allow adding HSTS directives like `includeSubDomains` or `preload`, and they don't allow modifying the `max-age` directive to a year or more. based on my understanding of HSTS, this prevents domains using squarespace from being eligible for preloading. more info here: https://scotthelme.co.uk/hsts-preloading/ i'm not a security expert so my first question is this: am i correct in understanding squarespace's HSTS implementation does not force all users to HTTPS? second question: if my understanding is correct, does squarespace plan to address this security flaw/vulnerability? and if so, when? thanks!
×
×
  • Create New...

Squarespace Webinars

Free online sessions where you’ll learn the basics and refine your Squarespace skills.

Hire a Designer

Stand out online with the help of an experienced designer or developer.