https://observatory.mozilla.org/analyze.html?host=mail.google.com (A-)
https://observatory.mozilla.org/analyze.html?host=lobste.rs (B+)
https://observatory.mozilla.org/analyze.html?host=facebook.com (B)
https://observatory.mozilla.org/analyze.html?host=mozilla.com (C)
https://observatory.mozilla.org/analyze.html?host=google.com (D)
https://observatory.mozilla.org/analyze.html?host=amazon.com (F)
Because when something gives you a grade it is in want of a ranking. Or some Victorian saw like that.
Yay, my personal blog and amazon have the same grade. :P
Haha - me too.
Until GitHub offer HTTPS (somehow - not even sure if it’s possible with their architecture of the otherwise brilliant GitHub Pages), my blog will be a big fat F. :-)
Mine supports https and it’s still an F (15/100)! :(
My blog is hosted on AWS S3+Cloudfront and is in a similar boat. Unfortunately, S3 doesn’t let you set most custom headers like Strict-Transport-Security.
It really helped to push me to really fix things that I knew were semi “broken” to get this A+! In addition, I also found that the redirect from HTTP to HTTPS was broken, which I didn’t really see because of the browser’s caching the HSTS. Oops! :)