Bug#824514: Please enable HSTS preloading

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#824514: Please enable HSTS preloading
From: Josh Triplett <josh@joshtriplett.org>
Date: Mon, 16 May 2016 16:13:38 -0700
Message-id: <[🔎] 146344041845.3729.11447821772235385414.reportbug@jtriplet-mobl2.jf.intel.com>
Reply-to: Josh Triplett <josh@joshtriplett.org>, 824514@bugs.debian.org

Package: www.debian.org
Severity: wishlist

https://www.debian.org/ (and other Debian sites) serve a
Strict-Transport-Security header to enable HSTS.  Please consider
enabling preloading as well; see https://hstspreload.appspot.com/ for
details.  Enabling preloading would ensure that even if a user types
"debian.org" into their browser, the very first request from that
browser will use HTTPS rather than HTTP.

Thanks,
Josh Triplett

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Reply to:

Follow-Ups:
- Bug#824514: Please enable HSTS preloading
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Bug#824085: packages.debian.org: please fix @p.d.o email aliases to forward to tracker.debian.org (and more)
Next by Date: Bug#824514: Please enable HSTS preloading
Previous by thread: We’d like to propose to redesign 'Debian.org' for free. Are you interested?
Next by thread: Bug#824514: Please enable HSTS preloading
Index(es):
- Date
- Thread