Atm, I can observe my full name and my email (among other stuff) being transfered over an insecure protocol when I open http://cla.js.foundation/webpack/loader-runner.
In fact, it transfers the following stuff (over http://cla.js.foundation/api/github/call and http://cla.js.foundation/api/cla/getLastSignature):
- My full name
- My email
- My GitHub handle
- My Twitter handle
- My home city
While all of that is public info (at least for me), I do not want the places I visit (like coffee shops and whatever else) to be able to track me over that going through WiFi.
Please, do the following:
- Disable http, make http redirect to https
- Enable HSTS, with
preload feature.
- Ensure that the website has HSTS preloaded over https://hstspreload.org/
Atm, I can observe my full name and my email (among other stuff) being transfered over an insecure protocol when I open http://cla.js.foundation/webpack/loader-runner.
In fact, it transfers the following stuff (over http://cla.js.foundation/api/github/call and http://cla.js.foundation/api/cla/getLastSignature):
While all of that is public info (at least for me), I do not want the places I visit (like coffee shops and whatever else) to be able to track me over that going through WiFi.
Please, do the following:
preloadfeature.