For some reason, this forum (EMD) remains vulnerable to this.
Even if I specify HTTPs when coming here, I find the connection switches over to HTTP.
For example, if I click on "New Posts", I arrive at an insecure page, even though the link is to https://emaildiscussions.com/search.php?do=getnew.
Enabling HSTS would fix the security problem, but I guess/recall Edwin is inactive, and it would impact usability.
|