-
It's time cardoni.net only serve traffic over `https`. because why not. that's why.
- [x] read this: http://nginx.org/en/docs/http/configuring_https_servers.html
- [x] find cheap, but trustworthy `s…
-
```
I'd like camlistore.org to be included on this:
https://hstspreload.appspot.com/
There's no real reason (yet), but it sends a message already that we care about
security, and we might as well d…
-
According to Wikipedia and some other websites [1][2], Safari supports HTTP Strict Transport Security as of OS X Mavericks, so https://www.chromestatus.com/features/4941480133132288 needs to update.
…
ghost updated
9 years ago
-
Hi,
I have a question that I've been thinking about for a while. If I set the "X-Frame-Options" and "Strict-Transport-Security" headers in my nginx configuration. Can I skip the filters that protect …
-
Hi,
I noticed that Blockchain.info already uses Strict-Transport-Security header (a.k.a. HSTS).
Current header:
`Strict-Transport-Security: max-age=31536000; includeSubDomains;`
This covers all reque…
i-rme updated
9 years ago
-
This is important, since sites with HTTPS cannot use the embed feature. FF22 also will cut support for HTTP in HTTPS context.
-
Chrome requires 'preload' to be set for the HSTS header: https://hstspreload.appspot.com/
-
It looks like https://godoc.org works just fine. Given that, is there any reason not to go HTTPS-only along with [HTTP Strict Transport Security (HSTS)](https://en.wikipedia.org/wiki/HTTP_Strict_Trans…