mozilla / identity-ops

Tools and Chef cookbooks used by Mozilla Services Operations to provision and manage Persona

aws prod setting redundant parameters for Strict-Transport-Security header #41

Open jrgm opened 11 years ago

jrgm commented 11 years ago

Looking (for another reason) at headers from prod aws login.persona.org, the STS header declares max-age and includeSubdomains twice.

Strict-Transport-Security: max-age=10886400; includeSubdomains, max-age=10886400; includeSubdomains

That's what it shows me in HttpFox, not on the wire (i.e., it could be two STS headers folded into one by Necko (Firefox)). At any rate, that does not change the meaning per RFCs. But just thought I would note that it's there and we can decide if we care about this.
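An added example, not part of the original issue or the identity-ops repository: a Python check that treats the observed value as a comma-combined list of STS field values, as the comment suggests it may be, and reports repeated fields or directives following RFC 6797 (directives once per field, max-age required, only the first field processed). The function names are hypothetical, and the sample is the value quoted in the issue.

```python
# Constructed sample: the header value exactly as quoted in the issue.
SAMPLE = "max-age=10886400; includeSubdomains, max-age=10886400; includeSubdomains"

def split_fields(combined):
    """Split a comma-combined value into field values, ignoring quoted commas."""
    fields, buf, in_quotes = [], [], False
    for ch in combined:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ',' and not in_quotes:
            fields.append(''.join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    fields.append(''.join(buf).strip())
    return [f for f in fields if f]

def parse_field(value):
    """Parse one STS field value into (directives, problems)."""
    directives, problems = {}, []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition('=')
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            problems.append(f"directive '{name}' repeated in one field")
        directives.setdefault(name, arg.strip().strip('"'))  # keep first value
    if 'max-age' not in directives:
        problems.append("missing required max-age")
    elif not directives['max-age'].isdigit():
        problems.append("max-age is not a non-negative integer")
    return directives, problems

def audit_sts(combined):
    """Return (directives of the first field, list of findings)."""
    fields = split_fields(combined)
    findings = []
    if len(fields) > 1:
        findings.append(f"{len(fields)} STS field values present; only the first is processed")
    parsed = [parse_field(f) for f in fields]
    for i, (_, probs) in enumerate(parsed, 1):
        findings += [f"field {i}: {p}" for p in probs]
    if len({tuple(sorted(d.items())) for d, _ in parsed}) > 1:
        findings.append("field values disagree with each other")
    effective = parsed[0][0] if parsed else {}
    return effective, findings
```

Running `audit_sts` against the raw header lines captured on the wire, joined with commas, distinguishes a server emitting the header twice from a single header with repeated directives.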