@N_{Dario Fadda} be aware is a false http request with more. my browser denied access and wont load so I did this.
Than this:
$ping -c 3 https://www.insicurezzadigitale.com/cyberwarfare-tra-cina-e-taiwan-nuove-frontiere-della-tensione-geopolitica/
ping: https://www.insicurezzadigitale.com/cyberwarfare-tra-cina-e-taiwan-nuove-frontiere-della-tensione-geopolitica/: Name or service not known
@N_{Dario Fadda} is just delete url and type /// and enter. you are in root directory of that site. while site loads be fast though if your browser let this trough. Do it in Docker or a VM btw where this wont hurt only windows maybe or other than Linux. That ! at URL header on that picture show you is a false TLS handshake..
Test your site’s HTTP headers, including CSP and HSTS, to find security problems and get actionable recommendations to make your website more secure. Test other websites to see how you compare.
Test your site’s HTTP headers, including CSP and HSTS, to find security problems and get actionable recommendations to make your website more secure. Test other websites to see how you compare.
@N_{Dario Fadda} This is just to see the headers, as you it has many flaws. The test I did as you see above in console just with a ping in order to obtain ip for whois command, as my browser blocked it by going there it alerted me that site is unsafe. The bad header implications or lack of securing the site explains it somehow why my browser might have blocked it. Try out VT4 as it blocks my Tor I can not access it but I bet there must be a something, there go in details even if it is not flagged. Do not take it as reproach, rather a tip. It is rare that I'd be blocked to ping using Tor even if you refuse Tor access to your site. These Headers are easy to fix. But I could not reach it. Grtz
These are the scan results for https://www.insicurezzadigitale.com/cyberwarfare-tra-cina-e-taiwan-nuove-frontiere-della-tensione-geopolitica/ which scored the grade D.
@N_{Dario Fadda} So as you see a Client-Side issue> so is on my side, the 200 ok HTML code tells me received by your site but there if I could not reach it before and now yes, means that my device or Browser had issues (browser settings that interfered by loading the page as my network works decently fast) All else as DNS resolve or caching or server side can be ruled out as you see in the error's in F12. But in the end it did with that SuperPWA plug in activated. But with the previous Header checks I posted there is a risk of vulnerability. WordPress..
@zer0unplanned wordpress is nice but it is very complex in an environment with many plugins and also the security of all these plugins has tired me a bit. I have been working for some time to find an alternative solution, even giving up a lot of graphics and aiming more for clean content in plain HTML, but that is equally productive in terms of work in creating content. I have tried many solutions, but they have not convinced me yet. I am evaluating Jakyll with git, but in terms of editor it is too unproductive. I am definitely tired of Wordpress
@N_{Dario Fadda} while it should fit in the Diaspora powered fediverse, the CEO announce half a year ago or so that he drops support etc. It is very vulnerable, I find many in Meterpreter to inform you. (MetaSploit) I just scan not use. my ip and my profile is eyed and I do not blackhat, rather white or grey. But yes they depend on plug-inn's that also affect users. I will look out for a replacement for you but it wont work in the fediverse.
@N_{Dario Fadda} I did a change that might have gave me access. But as long the SSL is ok I would care bout that handshake policy(TLS) and X-Frame. But I guess you can not undo that as I guess you use it as a proxy this WP. the 1st HSTS is normal on WP.
plan-A
in reply to N_{Dario Fadda} • •@N_{Dario Fadda}
be aware is a false http request with more.
my browser denied access and wont load so I did this.
Than this:
plan-A
in reply to plan-A • — (Proud Eskimo!) •@N_{Dario Fadda}
is just delete url and type /// and enter. you are in root directory of that site.
while site loads be fast though if your browser let this trough.
Do it in Docker or a VM btw where this wont hurt only windows maybe or other than Linux.
That ! at URL header on that picture show you is a false TLS handshake..
Look friend: developer.mozilla.org/fr/obser…
Scan results - HTTP Observatory | MDN
MDN Web DocsN_{Dario Fadda}
in reply to plan-A • • •@zer0unplanned
When you obtain this error scan?
If I request a scan result this:
developer.mozilla.org/fr/obser…
Scan results - HTTP Observatory | MDN
MDN Web Docsplan-A
in reply to N_{Dario Fadda} • — (Proud Eskimo!) •This is just to see the headers, as you it has many flaws.
The test I did as you see above in console just with a ping in order to obtain ip for whois command, as my browser blocked it by going there it alerted me that site is unsafe.
The bad header implications or lack of securing the site explains it somehow why my browser might have blocked it. Try out VT4 as it blocks my Tor I can not access it but I bet there must be a something, there go in details even if it is not flagged.
Do not take it as reproach, rather a tip. It is rare that I'd be blocked to ping using Tor even if you refuse Tor access to your site. These Headers are easy to fix. But I could not reach it.
Grtz
plan-A
in reply to plan-A • — (Proud Eskimo!) •It might block my connection using DoH along with Tor?
here another way to check headers to secure the site.
securityheaders.com/?q=https%3…
Scan results for www.insicurezzadigitale.com/cyberwarfare-tra-cina-e-taiwan-nuove-frontiere-della-tensione-geopolitica/
securityheaders.complan-A
in reply to plan-A • — (Proud Eskimo!) •And after a few attempts it works now by inspecting unloaded page.
insicurezzadigitale.com/cyberw…
About the error is in inspecting site dev mode..
plan-A
in reply to plan-A • — (Proud Eskimo!) •So as you see a Client-Side issue> so is on my side, the 200 ok HTML code tells me received by your site but there if I could not reach it before and now yes, means that my device or Browser had issues (browser settings that interfered by loading the page as my network works decently fast) All else as DNS resolve or caching or server side can be ruled out as you see in the error's in F12.
But in the end it did with that SuperPWA plug in activated.
But with the previous Header checks I posted there is a risk of vulnerability.
WordPress..
N_{Dario Fadda} likes this.
N_{Dario Fadda}
in reply to plan-A • • •wordpress is nice but it is very complex in an environment with many plugins and also the security of all these plugins has tired me a bit. I have been working for some time to find an alternative solution, even giving up a lot of graphics and aiming more for clean content in plain HTML, but that is equally productive in terms of work in creating content. I have tried many solutions, but they have not convinced me yet. I am evaluating Jakyll with git, but in terms of editor it is too unproductive.
I am definitely tired of Wordpress
plan-A likes this.
plan-A
in reply to N_{Dario Fadda} • — (Proud Eskimo!) •while it should fit in the Diaspora powered fediverse, the CEO announce half a year ago or so that he drops support etc. It is very vulnerable, I find many in Meterpreter to inform you. (MetaSploit) I just scan not use.
my ip and my profile is eyed and I do not blackhat, rather white or grey.
But yes they depend on plug-inn's that also affect users. I will look out for a replacement for you but it wont work in the fediverse.
Have a nice day.
Try the other 2.
plan-A
in reply to N_{Dario Fadda} • •I did a change that might have gave me access. But as long the SSL is ok I would care bout that handshake policy(TLS) and X-Frame. But I guess you can not undo that as I guess you use it as a proxy this WP. the 1st HSTS is normal on WP.