[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#824514: Please enable HSTS preloading

Package: www.debian.org
Severity: wishlist

https://www.debian.org/ (and other Debian sites) serve a
Strict-Transport-Security header to enable HSTS.  Please consider
enabling preloading as well; see https://hstspreload.appspot.com/ for
details.  Enabling preloading would ensure that even if a user types
"debian.org" into their browser, the very first request from that
browser will use HTTPS rather than HTTP.

Josh Triplett

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Reply to: