I saw a review campaign and was ready to participate in it, but I see the same thing will be repeated over and over. Even if I could add an address analysis from a tool used by CEXs to make it a bit different and a website security check.
However, I have a question:
The website is missing the HTTP Strict-Transport-Security security header.
You know? The point saying to browsers that Whirlwind should only be accessed with HTTPS, and any attempt to access it using HTTP should automatically be converted to HTTPS.
However, I believe you configured a 301 redirect on your server (HTTP to HTTPS), but the initial HTTP connection is still vulnerable to a man-in-the-middle attack.
Just for my information, TYVM
By the way: Pretty smart to use Njalla
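
For reference, an added example (not part of the post above and not the site's own configuration): a Python audit of a recorded redirect chain, showing why a 301 redirect alone is still reported as missing HSTS. The host `site.example`, the sample responses and the 180-day minimum `max-age` are assumptions constructed for illustration.

```python
def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797, section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def audit(responses, min_age=15552000):  # 180 days: assumed audit threshold
    """responses: (url, status, headers) tuples recorded along the redirect chain."""
    findings = []
    for url, status, headers in responses:
        h = {k.lower(): v for k, v in headers.items()}
        sts = h.get("strict-transport-security")
        if url.startswith("http://"):
            if not (status in (301, 308)
                    and h.get("location", "").startswith("https://")):
                findings.append("http: no permanent redirect to https")
            if sts:
                # RFC 6797 section 8.1: browsers ignore HSTS on insecure transport
                findings.append("http: HSTS header over plain HTTP is ignored")
            continue
        if sts is None:
            findings.append("https: Strict-Transport-Security header missing")
            continue
        policy = parse_hsts(sts)
        if policy["max_age"] is None:
            findings.append("https: HSTS header without a valid max-age")
        elif policy["max_age"] < min_age:
            findings.append("https: HSTS max-age below minimum")
    return findings

# Constructed sample chains (not captured from any real site).
HTTP_HOP = ("http://site.example/", 301, {"Location": "https://site.example/"})
REDIRECT_ONLY = [HTTP_HOP, ("https://site.example/", 200, {"Content-Type": "text/html"})]
WITH_HSTS = [HTTP_HOP, ("https://site.example/", 200,
             {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})]

if __name__ == "__main__":
    for name, chain in (("redirect only", REDIRECT_ONLY), ("with HSTS", WITH_HSTS)):
        print(name, "->", audit(chain) or "no findings")
```

With the header present on the HTTPS response, a browser that has visited once rewrites later `http://` requests to HTTPS locally, so only the very first plain-HTTP request (before the policy is stored) remains exposed unless the host is preloaded.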
