-
Because it also effects Threema Web, I thought to create the issue here.
Please add the `preload` and `includeSubdomains` directives on all Threema websites.
Then, when you have met all requiremen…
-
Hello,
please explain what is "Static Public Key Pinning":
https://www.ssllabs.com/ssltest/analyze.html?d=dns.google&s=8.8.8.8&hideResults=on
I know what is Public Key Pinning (HPKP), but not "…
ammnt updated
3 years ago
-
Latest one:
- https://docs.nextcloud.com/server/9/admin_manual/configuration_server/harden_server.html#enable-http-strict-transport-security
-
There are a few .app domains on the preload list, but the entire app TLD is preloaded. We should reject these submissions because they're already covered by the TLD entry.
-
The automatic transition from http to https is missing
-
Currently, it seems to be `Go-http-client/2.0` which doesn't tell the purpose for the request.
For example SSL Labs test sends `SSL Labs
https://www.ssllabs.com/about/assessment.html)` as user-a…
-
When entering one of my preloaded domains into the [removal form](https://hstspreload.org/removal/), it returns with:
> Status: jamieweb.net is currently preloaded, but no longer meets the requirem…
-
Some of the test cases in redirects_test.go and domain_test.go rely on the behavior of external domains. For some of these tests, that behavior has changed and the tests are no longer passing.
Pref…
-
Why don't we create online based entries chart which updates every branch release so that people can see the progression of the preload list instead of doing it manually. Mozilla has done the same thi…
-
We should no longer commit build products to the repository. ATM we are committing build products like minified CSS and JS from themes, which is the cause of ongoing merge-conflicts.
Beside themes…