katanacrimson
commented
11 years ago Bumping - nearing one-month of age. This is merely adding an HTTP header to all Heello web and API requests to indicate that Heello should only be accessed via HTTPS (and not through HTTP) to help mitigate any MITM attempts via SSL terminators. Please consider.
http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Considering heello seems to be over HTTPS only (and always) this might be a good idea.