
Bug#824514: Please enable HSTS preloading

On Tue, May 17, 2016 at 7:13 AM, Josh Triplett wrote:

> https://www.debian.org/ (and other Debian sites) serve a
> Strict-Transport-Security header to enable HSTS.  Please consider
> enabling preloading as well; see https://hstspreload.appspot.com/

Unfortunately we can't do that because they only allow top-level
domains to be preloaded and not all debian.org subdomains support
https (and some never will, like nossl.people.debian.org). If that
requirement were to be relaxed then we could get added to the preload


