We recently received a warning from McAfee regarding a domain that we manage. The domain hosts an e-commerce site, and we have done basic SEO-type activities on it.
One such activity is to redirect any “non-WWW” requests that reach the server to the proper “www.domain.com” structure, just to keep everything neat and tidy. Since it is not a URL redirection service, the overall length of the domain name shouldn’t matter.
The complaint from McAfee is as follows:
“When we make a request to the root directory (/) of the web server the server responds with a 301 or 302 redirect to another domain.”
I may just be a bit “old school”, but I certainly don’t consider “www.domain.com” to be a different domain from “domain.com”. Apparently McAfee has to, or at least they believe that they have to now, since we haven’t had this problem in the past.
So now, it seems that we have to remove this redirection in order to pass the security scan and retain the “McAfee Secure” rating for the web site.
One of these days we may be able to get back to designing web sites for the users, and not for search engines and security scanners, but that day still seems to be far off.
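The distinction at issue above, between a www canonicalization redirect and a redirect to a genuinely different host, can be checked mechanically. The following is an added example, not McAfee's scanner logic or code from this site; the function names and sample URLs are constructed, and it deliberately treats any subdomain other than "www" as a different host because it does not consult a public suffix list.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

def _host(url):
    # urlsplit lower-cases the host; also drop a trailing root dot.
    h = urlsplit(url).hostname
    return h.rstrip(".") if h else None

def _strip_www(host):
    # Remove exactly one leading "www." label, nothing else.
    return host[4:] if host.startswith("www.") else host

def classify_redirect(request_url, status, location):
    """Return 'not-a-redirect', 'same-host', 'www-canonicalization'
    or 'other-host' for one HTTP response (hypothetical helper)."""
    if status not in REDIRECT_CODES or not location:
        return "not-a-redirect"
    # Location may be relative ("/shop/") or scheme-relative ("//host/").
    target = urljoin(request_url, location)
    src, dst = _host(request_url), _host(target)
    if src is None or dst is None:
        return "other-host"
    if src == dst:
        return "same-host"
    if _strip_www(src) == _strip_www(dst):
        return "www-canonicalization"
    # Includes lookalikes such as www.domain.com.example.net.
    return "other-host"

# Constructed sample responses: (request URL, status, Location header)
SAMPLES = [
    ("http://domain.com/", 301, "http://www.domain.com/"),
    ("http://domain.com/", 302, "/shop/"),
    ("http://domain.com/", 301, "http://www.domain.com.example.net/"),
    ("http://domain.com/", 200, None),
]

if __name__ == "__main__":
    for url, status, loc in SAMPLES:
        print(url, status, loc, "->", classify_redirect(url, status, loc))
```

Running a check like this against the site's root before a scheduled scan shows whether the only off-host redirect is the www one.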