My projects website is not secure?

How could my my project “secure”?

Are you using a custom domain? If so you might not have an SSL Certificate, or you might have configured it wrong.

If you are using the default domain, you might be on an insecure network or your school/employer is monitoring your internet usage and as a side effect, it removes the HTTPS

Step 1 is for you to define what you mean when you write “secure”. What makes you think it isn’t secure now and secure from what?

I am not using a custom domain. I own this glitch project webbed.glitch.me and it is secure. But this project that I need to be secure as it is working with tokens and passwords. cordclient.glitch.me

Is this a static project?

I think we’re getting closer but not quite there yet. if you go to http://webbed.glitch.me you will see that it isn’t “secure” in the traditional sense of the word. https://webbed.glitch.me is secure as it uses SSL. I think the same goes for your cordclient site.

Yeah, it is a static project.

Meaning? I don’t understand?

I believe we are using different terms here and I think we don’t know what makes you think one of those two sites is secure while the other isn’t or might not be.

I think you’re going to have to describe what is unsecure about it at the moment. Do you need a login page? Or you want web-based security tokens? I believe the question about “static” and by that we mean there is no server running on the site has to do with integrating token-based authorization.

I’m not expert but I’ve always used a server for that and it must be tricky (if not impossible) to do without a server. Don’t quote me on that but I’ve not done it any other way.

If you’re just looking for tips…

I’m not trying to hassle you but perhaps you can post a potential security problem that you feel your site might have as an example.

Just simply make a redirect from http:// to https://

Thanks for the idea! Is there anything that I could do to make it better? In the HTML I put <meta http-equiv="refresh" content="7; url='https://cordclient.glitch.me'" />

Is it possible to make the page wait? So after this part executes it waits?

If any of your code redirects to the http version, Simply change it. Otherwise it’s all good.

This isn’t a very good practice, your code still travels through the internet unencrypted before the redirect. Consider using a NodeJS project and do a 3xx redirect like so:

Using node.js isn’t worth it. I would recommend using the following code (minified):

<script>(x=>{(l=location)[p='protocol']=l[p][5]||'https'})()</script>

You could do that but keep in mind it doesn’t prevent insecure content from the site from traveling over the internet and won’t work if people have javascript disabled.