Add TM to 'domains to include in HSTS' list (in Chrome, Safari and Firefox)

[DinisCruz]

This is submitted here https://hstspreload.appspot.com/

At the moment (with 3.4) we get this

The max-age is fixed in 3.5, but I don't think we have the includeSubdomains token

[michaelhidalgo]

Very nice, does this procedure address the issue presented in HSTS for the first HTTP request where a Eavesdropper could intercept it?

2014-08-11 11:29 GMT-06:00 Dinis Cruz notifications@github.com:

This is submitted here https://hstspreload.appspot.com/

At the moment (with 3.4) we get this

[image: image] https://cloud.githubusercontent.com/assets/656739/3879837/e4138d24-217c-11e4-8942-89d46e852cda.png

The max-age is fixed in 3.5, but I don't think we have the includeSubdomains token

— Reply to this email directly or view it on GitHub https://github.com/TeamMentor/Master/issues/875.

Michael Hidalgo http://michaelhidalgocr.blogspot.com

The future has many names: For the weak, it means the unattainable. For the fearful, it means the unknown. For the courageous, it means opportunity. (1802-1885) French Poet, Dramatist, Writer

[DinisCruz]

Yes point of the HSTS is to prevent that first request, and if the browser already knows that it should be in SSL , then even the first request even to that domain will be made in SSL