Bug#824514: Please enable HSTS preloading
Package: www.debian.org
Severity: wishlist
https://www.debian.org/ (and other Debian sites) serve a
Strict-Transport-Security header to enable HSTS. Please consider
enabling preloading as well; see https://hstspreload.appspot.com/ for
details. Enabling preloading would ensure that even if a user types
"debian.org" into their browser, the very first request from that
browser will use HTTPS rather than HTTP.
Thanks,
Josh Triplett
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: