HSTS Preload list

When I run curl -IL http://careerwatch.com I receive the response:

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 10 Nov 2020 08:54:34 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
X-DIS-Request-ID: 877c6ebaf33457a0f0f3e76c05384ec1
P3P: CP="NON DSP COR ADMa OUR IND UNI COM NAV INT"
Cache-Control: no-cache

Suggesting that your redirect to https isn’t working.

Different domain: careerwatch.com vs careerwatchlist.com

$ curl -IL http://careerwatchlist.com
HTTP/1.1 301 Moved Permanently
Date: Tue, 10 Nov 2020 09:07:43 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 10 Nov 2020 10:07:43 GMT
Location: https://careerwatchlist.com/
cf-request-id: 0653024c2d00009c2d89316000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8Z42E1Wg5VMkpe8QkMNQgyUxYcN4YNlxb%2F%2BpImZP7tuMfX5q204Vv2nyNm2bHy8duabA36TzPfglz8uv8AcJeJtvUKlCRGif6nSnUXhUZk%2FthNULtYcKSOLWk6dYjUMc"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 5efe9ff37d259c2d-AMS

HTTP/2 200
date: Tue, 10 Nov 2020 09:07:43 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d2d3c1f1258bc0dea5004ccf4c4b5f8171604999263; expires=Thu, 10-Dec-20 09:07:43 GMT; path=/; domain=.careerwatchlist.com; HttpOnly; SameSite=Lax; Secure
cf-ray: 5efe9ff42a7d1e81-AMS
cache-control: max-age=0, private, must-revalidate
etag: W/"04104473ef8dd44ad15d01f067ee1e13"
last-modified: Tue, 10 Nov 2020 03:32:12 GMT
set-cookie: _careerwatchlist_session=NM3W%2FsOcZ%2FSynI0EPI%2B5Ys9fhGbYAptEjgjKSHHJBQdrC1ZflFuhWY3jwfVHK9BJjpHyJhZkVY6IBNyl3Sx3z5kG0bkmdpT%2FdTwDq7pyVKYMVrCi9dEjagX9hrGQmbPta8AfTARUtXn0ezgjf48QXmqd46Plhn%2BXXjqCZBXDu8rIxWGFyBvPV1G7vKJaAkJgSm5tS35GEgy%2BsN0veVDu2WbMMqLDz6gcdMXJxtwJ4KoChZMRtJjy7xbyfkdZspDOSSI06NZKEqAfa5bq2TLHNc5Jqg67%2B0UBrw1mnKra%2Fr0%3D--ZApeAa99R8E3BmW%2F--UWgewF7OlFQnM7mzu1ZzPw%3D%3D; path=/; secure; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 vegur
cf-cache-status: DYNAMIC
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
x-html-edge-cache: cache
x-request-id: 85d01e3d-851b-4828-bebf-6e8231e2db21
x-runtime: 0.025127
cf-request-id: 0653024c9700001e819a362000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pz7FMm1ULjUtAkrv%2FBhYSjNyGHQVh1HFfm%2BSHpVRWXkOczAJ15GZWiZeiQx7PSb%2Fb%2FgXgGg6%2Bz0lLcjIs%2BpRa6plucJbLqnljSI1UR2h3wHI3zrWPJ%2B64ki13jaO2SWu"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare

Damn - apologies for the mis-direct!

Looks like a similar issue was posted on their issue tracker on GitHub https://github.com/chromium/hstspreload.org/issues/77 with no obvious solution
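
The check the replies above do by eye on `curl -IL` output, written as an added example that is not part of the original thread or of hstspreload.org's own code. The function names and the two trimmed sample captures are constructed for illustration; the thresholds follow hstspreload.org's published requirements (HTTP redirects to HTTPS on the same host, `max-age` of at least one year, `includeSubDomains`, `preload`), and the capture is assumed to start from `http://<host>`.

```python
import re

MIN_MAX_AGE = 31536000  # one year; minimum max-age in hstspreload.org's requirements

# Constructed samples: trimmed versions of the two `curl -IL` captures in the thread.
NO_REDIRECT = "HTTP/1.1 200 OK\nServer: nginx\nContent-Type: text/html\n"
REDIRECT = (
    "HTTP/1.1 301 Moved Permanently\nLocation: https://careerwatchlist.com/\n\n"
    "HTTP/2 200\ncontent-type: text/html; charset=utf-8\n"
    "strict-transport-security: max-age=31536000; includeSubDomains; preload\n"
)

def parse_hops(raw):
    """Split `curl -IL` output into one (status, headers) pair per response."""
    hops = []
    for block in re.split(r"\n\s*\n", raw.replace("\r", "").strip()):
        lines = block.splitlines()
        m = re.match(r"HTTP/\S+\s+(\d{3})", lines[0]) if lines else None
        if not m:
            continue
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers.setdefault(name.strip().lower(), value.strip())
        hops.append((int(m.group(1)), headers))
    return hops

def preload_problems(raw, host):
    """Return findings for a capture of http://<host>; an empty list means none."""
    hops = parse_hops(raw)
    if not hops:
        return ["no HTTP responses found in capture"]
    problems = []
    status, headers = hops[0]
    target = headers.get("location", "").lower() + "/"
    if status not in (301, 302, 307, 308) or not target.startswith(f"https://{host.lower()}/"):
        problems.append(f"first response is {status}, not a redirect to https://{host}/")
    # Browsers ignore HSTS received over plain HTTP, so only a later hop can carry it.
    hsts = hops[-1][1].get("strict-transport-security") if len(hops) > 1 else None
    if hsts is None:
        return problems + ["no Strict-Transport-Security header after the redirect"]
    directives = {}
    for part in hsts.split(";"):
        key, _, value = part.strip().partition("=")
        directives[key.strip().lower()] = value.strip().strip('"')
    if not directives.get("max-age", "").isdigit() or int(directives["max-age"]) < MIN_MAX_AGE:
        problems.append(f"max-age is below {MIN_MAX_AGE}")
    problems += [f"missing {f} directive" for f in ("includesubdomains", "preload") if f not in directives]
    return problems
```

Calling `preload_problems(NO_REDIRECT, "careerwatch.com")` reports the missing redirect and missing header, while the `careerwatchlist.com` capture returns an empty list, which matches the thread's observation that the header side of that site looks correct.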