|
| From: | bo0od |
| Subject: | Hardenize gnu.org |
| Date: | Fri, 11 Sep 2020 12:24:47 +0000 |
HiChecking TLS and some extra security stuff i saw that it need more attention:
- https://www.hardenize.com/report/gnu.org/1599785325 :1- Missing DNSSEC: https://www.hardenize.com/report/gnu.org/1599785325#domain_dnssec
2- No redirection from http to https: https://www.hardenize.com/report/gnu.org/1599785325#www_http
3- TLS 1.3 not enabled and using deprecated TLS 1.0,1.1 and using weak ciphers for TLS 1.2: https://www.hardenize.com/report/gnu.org/1599785325#www_tls , https://www.ssllabs.com/ssltest/analyze.html?d=www.gnu.org&s=209.51.188.148
4- Missing HSTS-Preload: https://www.hardenize.com/report/gnu.org/1599785325#www_hsts , https://hstspreload.org/?domain=gnu.org
5- Missing CSP: https://www.hardenize.com/report/gnu.org/1599785325#www_csp6- Missing frame header: https://www.hardenize.com/report/gnu.org/1599785325#www_xfo
7- Missing XSS protection: https://www.hardenize.com/report/gnu.org/1599785325#www_xxssp
8- Missing X-Content-Type-Options header: https://www.hardenize.com/report/gnu.org/1599785325#www_xcto
ThX!
| [Prev in Thread] | Current Thread | [Next in Thread] |