Sorry, shouldn't have used "cracked." There are ways to circumvent HTTPS other than cracking it, like a MITM attack which would allow injecting a script like I said.
Even in that case, it would be the end of the Internet. Unless the HTTPS connection is very flawed or tampered already or your CA is not trusted or you have a very flawed browser that would not happen. An already established TLS connection is a very secure medium.
Now in order to prevent edge cases vulnerable to MITM attacks its recommended to add extra security controls like HSTS and Public Key Pinning among other things.
Sorry, shouldn't have used "cracked." There are ways to circumvent HTTPS other than cracking it, like a MITM attack which would allow injecting a script like I said.
Even in that case, it would be the end of the Internet. Unless the HTTPS connection is very flawed or tampered already or your CA is not trusted or you have a very flawed browser that would not happen. An already established TLS connection is a very secure medium.
Now in order to prevent edge cases vulnerable to MITM attacks its recommended to add extra security controls like HSTS and Public Key Pinning among other things.
Public key pinning is a good solution.
Also, I went to check out your site and your HTTPS certificate is invalid. You should probably fix that 😜
Shoot. I forgot to renew the Domain name.
theodespoudis.firebaseapp.com/ is the correct one!