Skip to content

Commit 3ff62c3

Browse files
Point SecurityHeaders.com link at HTTPS
Without a scheme, the scanner defaults to http://agoracosmica.org and graded R because the unencrypted endpoint is missing TLS-tier headers (HSTS, etc). Pass the encoded https:// URL plus followRedirects=on so the scan hits the production HTTPS bundle and shows the A+ the badge already advertises.
1 parent 0525885 commit 3ff62c3

2 files changed

Lines changed: 2 additions & 2 deletions

File tree

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
<a href="#"><img src="https://img.shields.io/badge/TypeScript-strict-3178C6?style=flat-square&logo=typescript&logoColor=white" alt="TypeScript: strict" /></a>
1515
<a href="docs/ACCESSIBILITY.md"><img src="https://img.shields.io/badge/WCAG-2.2%20AA-green?style=flat-square" alt="WCAG 2.2 AA" /></a>
1616
<a href="docs/COMPLIANCE.md"><img src="https://img.shields.io/badge/EU-Compliant-blue?style=flat-square" alt="EU Compliant" /></a>
17-
<a href="https://securityheaders.com/?q=agoracosmica.org"><img src="https://img.shields.io/badge/Security%20Headers-A%2B-brightgreen?style=flat-square" alt="Security Headers: A+" /></a>
17+
<a href="https://securityheaders.com/?q=https%3A%2F%2Fagoracosmica.org&followRedirects=on"><img src="https://img.shields.io/badge/Security%20Headers-A%2B-brightgreen?style=flat-square" alt="Security Headers: A+" /></a>
1818
</p>
1919

2020
<p align="center">

SECURITY.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -158,7 +158,7 @@ For the full architecture: [docs/SECURITY-ARCHITECTURE.md](docs/SECURITY-ARCHITE
158158

159159
Independent third-party scanners. Run them any time:
160160

161-
- **[SecurityHeaders.com](https://securityheaders.com/?q=agoracosmica.org)** · HTTP security headers (CSP, HSTS, etc.). Currently **A+**.
161+
- **[SecurityHeaders.com](https://securityheaders.com/?q=https%3A%2F%2Fagoracosmica.org&followRedirects=on)** · HTTP security headers (CSP, HSTS, etc.). Currently **A+**.
162162
- **[SSL Labs](https://www.ssllabs.com/ssltest/analyze.html?d=agoracosmica.org)** · TLS configuration. Currently **A+**.
163163
- **[Mozilla Observatory](https://observatory.mozilla.org/analyze/agoracosmica.org)** · comprehensive web security scan.
164164
- **[Hardenize](https://hardenize.com/report/agoracosmica.org)** · DNS, email, TLS depth audit.

0 commit comments

Comments
 (0)