Commit

Add long time duration HSTS as a requirement for wallets
Drop Circle until the service supports HSTS
saivann committed Jan 20, 2015
1 parent efc1183 commit 3e87efe
Showing 5 changed files with 1 addition and 24 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -269,6 +269,7 @@ Basic requirements:
- No concerning bug is found when testing the wallet
- Website supports HTTPS and 301 redirects HTTP requests
- SSL certificate passes [Qualys SSL Labs SSL test](https://www.ssllabs.com/ssltest/)
- Website serving executable code or requiring authentication uses HSTS with a max-age of at least 180 days
- The identity of CEOs and/or developers is public
- If private keys or encryption keys are stored online:
- Refuses weak passwords (short passwords and/or common passwords) used to secure access to any funds, or provides an aggressive account lock-out feature in response to failed login attempts along with a strict account recovery process.
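Review bot: The new requirement line, "uses HSTS with a max-age of at least 180 days", gives the threshold in days while the Strict-Transport-Security header expresses max-age in seconds, so state the equivalent value (15552000) to make the check unambiguous. The line also leaves open whether includeSubDomains is expected and which responses must carry the header. Since the requirement above it has HTTP requests 301-redirected to HTTPS, it is worth saying that the header must be present on the HTTPS response users land on, because browsers ignore it when it is sent over plain HTTP.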
Expand Down Expand Up @@ -301,7 +302,6 @@ Optional criterias (some could become requirements):
- Uses deterministic ECDSA nonces (RFC 6979)
- Provides a bug reporting policy on the website
- If user has no access over its private keys:
- Enables HSTS
- Full reserve audit(s)
- Insurrance(s) against failures on their side
- Reminds the user to enable 2FA in the main UI of the wallet
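Review bot: The scope of the HSTS rule changes silently here: the removed optional item sat under "If user has no access over its private keys", whereas the requirement that replaces it applies to any site "serving executable code or requiring authentication". Say so in the commit message so that wallets that were outside the old scope know the rule now applies to them. While this list is being edited, "Insurrance(s)" could be corrected to "Insurance(s)".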
22 changes: 0 additions & 22 deletions _templates/choose-your-wallet.html
Expand Up @@ -598,28 +598,6 @@
privacydisclosure: "checkfailprivacydisclosureaccount"
privacynetwork: "checkpassprivacynetworksupporttorproxy"

- circle:
title: "Circle"
titleshort: "Circle"
compat: "web"
level: 4
platform:
web:
text: "walletcircle"
link: "https://circle.com/"
screenshot: "circle.png"
os:
check:
control: "checkfailcontrolthirdpartyinsured"
validation: "checkfailvalidationcentralized"
transparency: "checkfailtransparencyremote"
environment: "checkpassenvironmenttwofactor"
privacy: "checkpassprivacybasic"
privacycheck:
privacyaddressreuse: "checkpassprivacyaddressrotation"
privacydisclosure: "checkfailprivacydisclosureaccount"
privacynetwork: "checkpassprivacynetworksupporttorproxy"

---

<h1>{% translate pagetitle %}</h1>
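Review bot: Circle is the only entry removed from the wallet list, and nothing in the change records how compliance with the new 180-day requirement was determined for it or for the web wallets that stay listed. Note in the commit message or a linked issue the Strict-Transport-Security value observed for each remaining web wallet and the condition for relisting Circle, so the removal can be reviewed and later reversed on evidence.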
1 change: 0 additions & 1 deletion _translations/en.yml
Expand Up @@ -118,7 +118,6 @@ en:
walletmyceliumwallet: "Mycelium Bitcoin Wallet is an open source wallet for Android designed for security, speed, and ease of use. It has unique features to manage your keys and for cold storage that help you secure your bitcoins."
walletcoinbase: "Coinbase is a web wallet service that aims to be easy to use. It also provides an Android web wallet app, merchant tools and integration with US bank accounts to buy and sell bitcoins."
walletxapo: "Xapo combines the convenience of an everyday Bitcoin wallet with the security of an insured deep cold storage vault. Xapo Debit Card links to your Xapo Wallet and allows you to spend bitcoins at millions of merchants all around the world."
walletcircle: "Circle is a web wallet service that aims to be easy to use. It provides the ability to instantly purchase and sell bitcoins using either a credit card or a U.S. bank account. It also provides an Android and an iOS web wallet app."
walletcoinkite: "Coinkite is a web wallet &amp; debit card service that aims to be easy to use. It also works on mobile browsers, has merchant tools, point-of-sale payment terminals. It is a hybrid wallet and full reserve vault."
walletbitgo: "BitGo is a multi-signature wallet offering a high level of security. Every transaction requires two signatures, protecting your bitcoins from malware and server attacks. Private keys are held by the user such that BitGo cannot access the bitcoins. It is a good choice for non technical users."
walletgreenaddress: "GreenAddress is a user-friendly multi-signature wallet with improved security and privacy. At no time are your keys server side, even encrypted. For security reasons, you should always use 2FA and the browser extension or Android App."
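Review bot: The walletcircle string is removed from en.yml only, and en.yml is the only translation file among the 5 changed files; if other locale files under _translations/ define walletcircle, they are left with an orphaned key. Either remove it there as well or confirm that unused keys in other locales are harmless to the build.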
Binary file removed img/screenshots/circle.png
Binary file not shown.
Binary file removed img/wallet/circle.png
Binary file not shown.

0 comments on commit 3e87efe
