- Direct all traffic to the HTTPS domain by default.

  If you don’t have access to the web server, a temporary solution is to use your own variation of the following code:

  ```html
  <script type="text/javascript">
    // Edit this depending on the country subdomain (e.g. france.ev..., denmark.ev...)
    var host = "everydaysexism.com";
    // Switch to HTTPS only when the page is served from the expected host over another scheme
    if ((host == window.location.host) && (window.location.protocol != "https:"))
      window.location.protocol = "https";
  </script>
  ```
- Make sure HSTS is supported.
- When linking to the site, always use `https://` or `//` in the URLs, not `http://`.
- Change these two front-page links to HTTPS:
- <link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Antic Didone:400,regular|Inika:400,bold,regular,700|Lustria:400,regular|Noticia Text:400,400italic,700,700italic,regular,italic" type="text/css" /> - <meta property="og:image" content="http://everydaysexism.com/images/sexism_fb.png" /> + <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Antic Didone:400,regular|Inika:400,bold,regular,700|Lustria:400,regular|Noticia Text:400,400italic,700,700italic,regular,italic" type="text/css" /> + <meta property="og:image" content="https://everydaysexism.com/images/sexism_fb.png" />
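Review bot: the `href` on the added `<link rel="stylesheet">` line still carries literal spaces in the `family=` value (`Antic Didone`, `Noticia Text`), copied over from the removed line. Since the line is being touched anyway, encode them as `+` (`Antic+Didone`, `Noticia+Text`) so the URL is well-formed and does not depend on the browser repairing it. The `og:image` change looks fine as written.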
Linking to non-HTTPS images compromises security on an HTTPS service (so-called “mixed content”).
- Reconsider using social-media buttons on the front page; those things have been known to include trackers, albeit for commercial, not misogynist purposes. You can always just use a link instead.
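One way to audit a page for the insecure references described in the list above, as an added example that is not part of the original gist: it scans markup for `http://` URLs in stylesheet, script, frame, image and `og:image` tags. The sample markup, the `RULES` table and the function names are constructed for illustration.

```javascript
// Constructed sample: the two front-page tags from the list above (font URL
// shortened), plus constructed contrast cases that must NOT be reported.
const SAMPLE_HTML = `
<link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Inika:400" type="text/css" />
<meta property="og:image" content="http://everydaysexism.com/images/sexism_fb.png" />
<script src="https://everydaysexism.com/example.js"></script>
<img src="//everydaysexism.com/example.png">
<a href="http://example.org/">plain navigation link</a>
`;

// Tag -> attribute holding the URL, and how that reference is treated:
// "active" content is blocked on an HTTPS page, "passive" content loads with a
// warning or is auto-upgraded, "metadata" is fetched by link-preview crawlers.
const RULES = new Map([
  ["script", { attr: "src", kind: "active" }],
  ["iframe", { attr: "src", kind: "active" }],
  ["link", { attr: "href", kind: "active" }],
  ["img", { attr: "src", kind: "passive" }],
  ["meta", { attr: "content", kind: "metadata" }],
]);

// Parse name="value" pairs out of the inside of one start tag.
function parseAttrs(text) {
  const attrs = {};
  const re = /([a-zA-Z:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  for (const m of text.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Regex scan for a quick audit of template output, not a full HTML parser.
function findInsecureReferences(html) {
  const findings = [];
  for (const m of html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g)) {
    const tag = m[1].toLowerCase();
    const rule = RULES.get(tag);
    if (!rule) continue;
    const attrs = parseAttrs(m[2]);
    // Only stylesheet links and og:image metas carry a URL of interest here.
    if (tag === "link" && !/\bstylesheet\b/i.test(attrs.rel || "")) continue;
    if (tag === "meta" && attrs.property !== "og:image") continue;
    const url = (attrs[rule.attr] || "").trim();
    // https:// and protocol-relative (//) URLs are left alone.
    if (/^http:\/\//i.test(url)) findings.push({ tag, kind: rule.kind, url });
  }
  return findings;
}
console.log(findInsecureReferences(SAMPLE_HTML));
```

Run it over rendered template output after each change; an empty result means no `http://` reference of these kinds remains.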
Last active
August 29, 2015 14:19
HTTPS improvements