Re: [tor-mirrors] HSTS for a tor mirror

* Dave Warren dw@thedave.ca [2018-01-02 03:44 +0100]:

On 2017-12-31 08:31, Valentin Brandl wrote: I took this as a sign that I should remove my (default) redirect and HSTS for my mirror, allowing users to make their own choice. I still offer HTTPS with a valid certificate.

Your mileage may vary.

I decided to serve the mirror both via HTTP and HTTPS and include the HSTS (and also HPKP) headers in HTTPS requests but I won't put the domain into the HSTS preload list since that might force some non-technical users to the HTTPS version, which might be blocked.