-
In the README, you suggest setting `maxAge` to at least 18 weeks ([SSL Labs](https://www.ssllabs.com/) suggest at least 180 days) and `includeSubDomains` to `true`, why aren't those the default values…
-
From https://github.com/chromium/hstspreload/issues/3
-
From https://github.com/chromium/hstspreload/issues/49
-
From https://crbug.com/587957
> agl@ and I actually use an automated script to do what used to be the manual review for HSTS preload list submissions. The code is Google-internal at the moment [1].
>…
-
This will allow developers to test conditions locally.
```
hstspreload --checkHeader "preload; max-age=20"
hstspreload --checkResponse localhost:8080
hstspreload --checkDomain example.com
hstspreload…
-
The setting of the 'Strict-Transport-Security' security header is by default set to:
```
"Strict-Transport-Security" => "max-age=631138519; includeSubdomains; preload"
```
The use of this header is …
-
From https://crbug.com/593204
> e.g.
>
> [ ] I understand that preloading a domain through this form will require every subdomain of this site to serve a valid certificate (for that subdomain) in or…
-
e.g. in case the port is taken.
-
-
per [lgarron](https://twitter.com/lgarron/status/717486903872761856) a favicon was requested. Double turnstiles are used to denote tautologies (something which is true), HSTS is used to denote that ht…