Region: EU
Browser: Google Chrome
Critical plugins: * Adblock Plus
OS: Windows
Connection type: * Router
Bug type: Main page
Lobby ID: --
Date & Time: 04.06.2020 14:40
Yo,
the main site of TF2Center isn't formatted properly in Chrome when using 4K displays (3840x2160):
https://i.imgur.com/aYMtcFC.jpg
It's not the case for Microsoft Edge:
https://i.imgur.com/a9ibC6d.jpg
and for Mozilla Firefox:
https://i.imgur.com/4JT87mb.png
It may be important: I use window rescaling to 175% since I have 3 screens, two of which have FHD (1920x1080) screen resolution.
Also, another thing which is minor: ETF2L and its API work on HTTPS addresses only since yesterday. Please update profile links to HTTPS.
Also, regarding security, your page gets a B score on ssllabs.com while you could get A+ easily with HTTPS everywhere: https://www.ssllabs....d=tf2center.com
Another test you'd like to take a look at is Mozilla Observatory, where you get F for webpage security: https://observatory....e/tf2center.com
Another security/availability/performance measures I'd take are:
- disable TLS 1.0 and 1.1 on Cloudflare setup (https://i.imgur.com/ScD3c9o.png)
- enable HSTS on Cloudflare and add the tf2center.com domain to https://hstspreload.org/
- enable HTTP/2 and HTTP/3 (with QUIC) and IPv6 Compatibility (that needs additional configuration on an origin server; actually you can make pseudo 6to4 routing through Cloudflare but it's not hard to set up IPv6 support normally): https://i.imgur.com/w2Cpel3.png
- adding page headers:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy # that header is incomplete; you need to read a lot about it because it gives you extra security on the page, but using a wrongly defined header can break your site (aka you will block a lot of site elements from loading for users)
- start using Secure and HttpOnly flags with JSESSIONID (there's a good article about this: https://owasp.org/ww...munity/HttpOnly)
Changing these things will make tf2center.com a much more secure site (also you'd get A+ in both ssllabs.com and Mozilla Observatory tests).
If you need help - add me on Steam and we can discuss it.
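
An added example, not part of the original post: a small Python check that audits a set of response headers for the HSTS, framing, content-type and CSP headers and the JSESSIONID cookie flags listed above. The sample response and the function names are constructed for illustration and were not captured from tf2center.com.

```python
import re

# Constructed sample response (not captured from the live site).
SAMPLE = """\
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=15552000
X-Frame-Options: SAMEORIGIN
Set-Cookie: JSESSIONID=constructed123; Path=/; HttpOnly
Set-Cookie: theme=dark; Path=/
"""

def parse_headers(raw):
    """Return (lowercased name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """Return sorted findings for the headers and cookie flags listed in the post."""
    pairs = parse_headers(raw)
    headers = dict(pairs)  # last value wins; fine for single-valued headers
    findings = []
    hsts = headers.get("strict-transport-security", "").lower()
    directives = [d.strip() for d in hsts.split(";")]
    m = re.search(r'max-age="?(\d+)', hsts)
    # hstspreload.org requires at least one year, includeSubDomains and preload.
    if not m or int(m.group(1)) < 31536000:
        findings.append("hsts: max-age below 31536000")
    for d in ("includesubdomains", "preload"):
        if d not in directives:
            findings.append(f"hsts: missing {d}")
    if headers.get("x-frame-options", "").upper() not in ("SAMEORIGIN", "DENY"):
        findings.append("x-frame-options: missing or unexpected value")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options: missing nosniff")
    if "content-security-policy" not in headers:
        findings.append("content-security-policy: missing")
    for name, value in pairs:  # Set-Cookie may repeat, so walk every pair
        if name == "set-cookie" and value.upper().startswith("JSESSIONID="):
            attrs = {a.strip().lower() for a in value.split(";")[1:]}
            for flag in ("secure", "httponly"):
                if flag not in attrs:
                    findings.append(f"JSESSIONID: missing {flag}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Running it against headers saved from `curl -sI` after each configuration change shows which of the listed items are still open.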