Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How bad is it to not include security headers when redirecting from Http to Https? #95

Open
nulltoken opened this issue May 3, 2021 · 1 comment
Open

How bad is it to not include security headers when redirecting from Http to Https? #95

nulltoken opened this issue May 3, 2021 · 1 comment

Comments

@nulltoken
Copy link

This https://securityheaders.com/?q=http%3A%2F%2Fsecurityheaders.com report shows that no security headers is set over Http, while redirecting to Https
image

How bad/good/meh is this?

Should we strive to implement security headers even during redirections or is it no longer useful?
@nulltoken
Copy link
Author

/cc @ScottHelme I understand this is not a critical bug/question. However, I'd really like some feedback (even a brief one) about the usefulness of implementing security headers in http responses while redirecting to https.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nulltoken