18F / ekip

Every Kid in a Park

HSTS includeSubDomains and preload policy #163

Open konklone opened 9 years ago

konklone commented 9 years ago

As recommended by OMB, for a second-level domain like everykidinapark.gov, it's preferable (and awesome) to add an HSTS policy of:

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

It's important for this policy to appear on the root https://everykidinapark.gov, and not only on the www subdomain.

The current policy is our Cloud Foundry default, which lacks the ; includeSubDomains; preload part. Cloud Foundry is designed to pass on an app's own HSTS policy if it sets one itself, so an override by EKIP will show up on the public internet.
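
A small checker for the policy described above, added here as an example and not part of the issue, the site, or Cloud Foundry: it parses a Strict-Transport-Security value and reports which of the recommended parts (a one-year max-age, includeSubDomains, preload) are missing. The sample header values at the bottom are constructed, not captured from the live site.

```python
from typing import Dict, List, Optional

REQUIRED_MAX_AGE = 31536000  # one year, the value the issue recommends


class HstsCheck:
    """Result of checking one header value against the recommended policy."""

    def __init__(self, max_age: Optional[int], include_subdomains: bool,
                 preload: bool, problems: List[str]):
        self.max_age = max_age
        self.include_subdomains = include_subdomains
        self.preload = preload
        self.problems = problems  # empty list means the policy is as recommended


def parse_hsts(header_value: str) -> Dict[str, Optional[str]]:
    """Split an STS header value into directives. Names are case-insensitive
    and values may be quoted (RFC 6797); the first occurrence of a name wins."""
    directives: Dict[str, Optional[str]] = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives.setdefault(name.strip().lower(),
                              value.strip().strip('"') if value else None)
    return directives


def check_hsts(header_value: Optional[str]) -> HstsCheck:
    """Report how far a header value is from the policy recommended in the issue."""
    if header_value is None:
        return HstsCheck(None, False, False, ["no Strict-Transport-Security header"])
    d = parse_hsts(header_value)
    problems: List[str] = []
    max_age: Optional[int] = None
    raw = d.get("max-age")
    if raw is None or not raw.isdigit():
        problems.append("max-age missing or not a number")
    else:
        max_age = int(raw)
        if max_age < REQUIRED_MAX_AGE:
            problems.append(f"max-age {max_age} is below {REQUIRED_MAX_AGE}")
    include_sub = "includesubdomains" in d
    preload = "preload" in d
    if not include_sub:
        problems.append("includeSubDomains directive missing")
    if not preload:
        problems.append("preload directive missing")
    return HstsCheck(max_age, include_sub, preload, problems)


if __name__ == "__main__":
    # Constructed samples: a default lacking the extra directives, then the recommended policy.
    for sample in ["max-age=31536000", "max-age=31536000; includeSubDomains; preload"]:
        print(sample, "->", check_hsts(sample).problems)
```

Running it against the header actually served on the root domain (not only www) is the check the issue asks for.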

konklone commented 9 years ago

Ping! Now that the site's launched and stable, is this a header we can get onto the site? Is that something I can be helpful with?