Unsecure Login

I think this should be the first order of business.

[attachment deleted by admin]

Hi sAyer,

Solution: https://forums.comodo.com :-La

Perhaps the website could try to default to the https version? Perhaps it even does already?

I’m using a bookmark and for some reason it was not. Thanks Sanya and JoWa.

It does not, currently, but I have suggested that.

Any update on this?

Nothing that I have seen. :frowning:

BTW, the development release of HTTPS Everywhere has rules for forums.comodo.com enabled by default¹. It will be released as stable in about two months².

¹ HTTPS Everywhere Atlas
² [HTTPS-E Rulesets] Rulesets freeze, starting today

Thanks :-TU

Might have to give https everywhere a try. :slight_smile:

Another tip is to use Dragon’s feature Force Secure Connections.

In Chromium-browsers the same can be done manually, by entering the domain in question in chrome://net-internals/#hsts, dragon://net-internals/#hsts, opera://net-internals/#hsts etc. :-La

I did not know about that Chromium feature. Thanks JoWa. :-TU

You’re welcome. :slight_smile:

The feature is quite well hidden. :wink:

HTTP Strict Transport Security (HSTS) (RFC 6797) is powerful and well worth enabling for certain domains.

Google maintains an HSTS-list, which is used by Chromium and (with exceptions) Firefox.