Secure not really??

Author	« Topic »
Trabe Advanced Member United Kingdom 326 Posts Pre-sales questions only (More Details...)	Posted - 04/19/2019 : 02:35:26 Can anyone help please? Our trade site www.zest-it.biz/trade/ is on its own ssl and should be as secure as our other sites but in firefox it will not show the padlock and says its not secure - maybe due to images? Can anyone tell me why and how to fix it please? THank you in advance, Trace
Andy ECT Moderator 95440 Posts	Posted - 04/19/2019 : 02:40:12 Hi Trace It seems to be images that use the full path with http eg images/zest-itlogo.png Change that to https or make it relative like /images/zest-itlogo.png Andy Please feel free to review / rate our software
Trabe Advanced Member United Kingdom 326 Posts Pre-sales questions only (More Details...)	Posted - 04/19/2019 : 03:53:13 Awesome Andy - You are a superstar, Thank you so very much - all fixed Trace
V45 Advanced Member United Kingdom 416 Posts Pre-sales questions only (More Details...)	Posted - 04/19/2019 : 06:45:18 Hi Trace One thing worth considering is what is known as the HSTS header. Currently your site is not using the "Strict-Transport-Security" header (HSTS Header), which can leave a website open to man-in-the-middle attacks. Having a Strict-Transport-Security header installed, means that it will be nearly impossible for the bad ass bunch to glean any information at all. Implementing HSTS headers is as simple as adding a line to your websites .htaccess file. Add the following to your .htaccess file at the top level document root folder; eg public_html - I always put that line near to the top of the file. [blue]#SetsTheStrictTransportSecurityHeaders Strict-Transport-Security: max-age=31536000; includeSubDomains[/blue] With the above code implemented all present and future subdomains will be HTTPS for a max-age of 1 year. This blocks access to pages or sub domains that can only be served over HTTP. Will - Bolton Manchester UK
	« Topic »