Username (e.g. epiz_XXX) or Website URL
(https://specialcakesfanner.infinityfreeapp.com/?i=1)
Error Message
I keep failing my security check when I use Mozilla Observatory even though I have addressed the main concerns in my htaccess file
Observatory report
Other Information
This is my code for my htaccess file. Perhaps the error is here somewhere:
```
# X-XSS-Protection, X-frames, X-Content-Type
Header always set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options "nosniff"
# CSP sources are origins or keywords, not bare file names; 'self' covers the site's own stylesheets
Header always add Content-Security-Policy "default-src 'self'; style-src 'self'; img-src https://*; child-src 'none';"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

# HTTPS redirect
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://specialcakesfanner.infinityfreeapp.com%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
```
Please help
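Browsers ignore CSP directives and source expressions they do not recognize (at most a console warning), so a mistyped directive name or a quoted file name used as a source leaves that part of the policy unenforced. The following is an added example, not part of the original thread: a small Python linter for a CSP header value. The `lint_csp` name, the directive subset and the sample policies are assumptions constructed for illustration.

```python
import re

# Subset of CSP directive names (assumption: enough for a typical site policy).
KNOWN_DIRECTIVES = {
    "default-src", "script-src", "style-src", "img-src", "font-src",
    "connect-src", "media-src", "object-src", "child-src", "frame-src",
    "worker-src", "manifest-src", "base-uri", "form-action",
    "frame-ancestors", "report-uri", "report-to", "upgrade-insecure-requests",
}
KEYWORDS = {"'self'", "'none'", "'unsafe-inline'", "'unsafe-eval'",
            "'strict-dynamic'", "'unsafe-hashes'", "'report-sample'"}
NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)[A-Za-z0-9+/_=-]+'$")
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*:$", re.I)
HOST = re.compile(r"^([a-z][a-z0-9+.-]*://)?(\*|(\*\.)?[a-z0-9-]+(\.[a-z0-9-]+)*)"
                  r"(:(\d+|\*))?(/\S*)?$", re.I)

def lint_csp(policy):
    """Return (directive, problem) tuples for one Content-Security-Policy value."""
    findings = []
    for raw in policy.split(";"):
        tokens = raw.split()
        if not tokens:
            continue  # empty segment, e.g. after a trailing ';'
        name, sources = tokens[0].lower(), tokens[1:]
        if name not in KNOWN_DIRECTIVES:
            findings.append((name, "unknown directive name (browsers ignore it)"))
            continue
        if not name.endswith("-src"):
            continue  # only source-list directives are checked here
        for src in sources:
            if "'" in src:  # quoted tokens must be keywords, nonces or hashes
                ok = src.lower() in KEYWORDS or NONCE_OR_HASH.match(src)
            else:           # unquoted tokens must be a scheme or a host source
                ok = SCHEME.match(src) or HOST.match(src)
            if not ok:
                findings.append((name, f"invalid source expression: {src}"))
    return findings

# Constructed sample policies, not taken from a real site.
TYPO_NAME = "default-src 'self'; style=src 'self'; img-src https://*;"
QUOTED_FILE = "default-src 'self'; style-src 'main.css'; child-src 'none';"
CLEAN = "default-src 'self'; style-src 'self'; img-src https://*; child-src 'none';"

if __name__ == "__main__":
    for label, policy in (("typo", TYPO_NAME), ("file", QUOTED_FILE), ("clean", CLEAN)):
        print(label, lint_csp(policy))
```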
KangJL
February 15, 2023, 4:14am
4
This is expected due to this
If you have installed an SSL certificate on InfinityFree, you may want to use an SSL Checker tool to verify your SSL certificate was installed correctly. However, when doing so, you see an error like this:
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.
What does this warning mean for your si…
3 Likes
That makes sense but…
I have installed an SSL certificate and the install seems fine. I’ve seen the intermediate/chain in the actions for Observatory but thought that it was separate to, say, adding for example X-XSS protection.
Surely I should get some “points” for addressing some of the issues like having an HTTPS redirect through my htaccess file?
Admin
February 15, 2023, 10:58am
6
I think your website does have a working HTTPS redirect, but Mozilla is unable to verify its existence due to this system:
InfinityFree is a website hosting service. That means that the hosting accounts we provided are intended for hosting websites. Websites contain pages that are accessed through web browsers. InfinityFree is not intended to be used for file sharing, API hosting, database hosting or background tasks/tools.
To help enforce this, free hosting enforces a security system that makes sure that anyone trying to access your website is using a normal web browser. This is done by checking whether the web br…
If you’re not convinced, just try accessing your website without HTTPS and see if it redirects or not.
4 Likes
Thanks so much! Yes that makes sense.
system
Closed
February 22, 2023, 10:37pm
8
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.