I would. But I will use transport security in all pages of the domain and enable security headers to begin with (for example, a header that prevents your page being displayed inside a frame and other things that can be abused).
There are free and freemium tools that help you to check security headers and several other security checks to make on your page. Also read the OWASP Top Ten ;)
Key pinning is the last thing to add, but I have never implemented it. You must know what you are doing there.
By the way, what I mean by transport security in all pages is that the server must upgrade HTTP to HTTPS immediately upon the first call and use a header that forces secure requests.
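Added example, not part of the comment above: a small Python check of the three things the comment lists, run over recorded responses. It assumes the "header that forces secure requests" is `Strict-Transport-Security` and the framing header is `X-Frame-Options` or a CSP `frame-ancestors` directive; the function names and sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 307, 308}

def parse_hsts(value):
    """Return (max_age, include_subdomains) from a Strict-Transport-Security value."""
    max_age, subdomains = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            max_age = int(arg.strip('"'))
        elif name.lower() == "includesubdomains":
            subdomains = True
    return max_age, subdomains

def audit(host, http_resp, https_resp):
    """Each response is (status, headers dict). Returns a list of findings."""
    findings = []
    status, headers = http_resp
    h = {k.lower(): v for k, v in headers.items()}
    target = urlsplit(h.get("location", ""))
    # The plain-HTTP request must be redirected to HTTPS on the same host,
    # because HSTS is only honoured when received over HTTPS from that host.
    if status not in REDIRECTS or target.scheme != "https" or target.hostname != host:
        findings.append("http-not-upgraded")
    status, headers = https_resp
    h = {k.lower(): v for k, v in headers.items()}
    max_age, subdomains = parse_hsts(h.get("strict-transport-security", ""))
    if not max_age:  # header absent, unparsable, or max-age=0 (which clears HSTS)
        findings.append("hsts-missing-or-disabled")
    elif not subdomains:
        findings.append("hsts-without-includesubdomains")
    xfo = h.get("x-frame-options", "").strip().upper()
    csp = h.get("content-security-policy", "").lower()
    # Presence check only: the frame-ancestors source list is not evaluated.
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("framing-not-restricted")
    return findings

# Constructed sample responses (not captured from a real site)
GOOD_HTTP = (301, {"Location": "https://example.com/"})
GOOD_HTTPS = (200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
                    "X-Frame-Options": "DENY"})
BAD_HTTP = (200, {"Content-Type": "text/html"})
BAD_HTTPS = (200, {"Strict-Transport-Security": "max-age=0"})

if __name__ == "__main__":
    print(audit("example.com", GOOD_HTTP, GOOD_HTTPS))
    print(audit("example.com", BAD_HTTP, BAD_HTTPS))
```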