If I go to newsblur.com, I am served a page over http. If I go to https://newsblur.com, it is correctly served over https. Once I log in—over either connection—the reader loads via https.
I’d like to see http://newsblur.com redirect to https://newsblur.com, and if possible an HSTS header set to declare that browsers should always use an https connection.
Yep, I’ve got that checked. But anyone loading newsblur.com without checking the box gets a plain http page.
It’s a problem because it is a login page, and the login credentials are sent to /reader/login which uses https if the page was loaded over https, but http if the page was loaded that way (the default).
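The three conditions discussed in this thread (http redirecting to https, an HSTS header on the https response, and the login form posting over https) can be checked against captured responses. The sketch below is an added example, not part of the original posts and not NewsBlur's code; the `audit` function, the `example.test` host and the sample responses are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormActions(HTMLParser):
    """Collect the action attribute of every <form> on a page."""
    def __init__(self):
        super().__init__()
        self.actions = []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def audit(url, status, headers, body=""):
    """Return a list of transport findings for one captured response."""
    h = {k.lower(): v for k, v in headers.items()}
    page = urlsplit(url)
    findings = []
    if page.scheme == "http":
        # The plain-http URL should answer with a redirect to https on the same host.
        target = urlsplit(urljoin(url, h.get("location", "")))
        ok = status in (301, 302, 307, 308) and target.scheme == "https"
        if not (ok and target.hostname == page.hostname):
            findings.append("http page served without redirect to https")
    else:
        # Browsers only honour HSTS when it arrives over https, with max-age > 0.
        m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
        if not m or int(m.group(1)) == 0:
            findings.append("https response lacks a usable HSTS header")
    parser = FormActions()
    parser.feed(body)
    for action in parser.actions:
        # A relative action inherits the scheme the page was loaded over.
        resolved = urljoin(url, action)
        if urlsplit(resolved).scheme != "https":
            findings.append(f"form posts over cleartext: {resolved}")
    return findings

# Constructed sample captures (not real traffic); example.test is a placeholder host.
LOGIN_FORM = '<form method="post" action="/reader/login"><input name="password"></form>'
BEFORE = ("http://example.test/", 200, {"Content-Type": "text/html"}, LOGIN_FORM)
AFTER_HTTP = ("http://example.test/", 301, {"Location": "https://example.test/"}, "")
AFTER_HTTPS = ("https://example.test/", 200,
               {"Strict-Transport-Security": "max-age=31536000"}, LOGIN_FORM)

if __name__ == "__main__":
    for capture in (BEFORE, AFTER_HTTP, AFTER_HTTPS):
        print(capture[0], capture[1], audit(*capture) or "ok")
```

The `BEFORE` capture reproduces the situation described above: the same relative `/reader/login` action is flagged when the page is loaded over http and passes when it is loaded over https.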