2 Jan
2018
2 Jan
'18
2:48 a.m.
On 2017-12-31 08:31, Valentin Brandl wrote:
Hi there, I'm starting to build a mirror for the tor project. The instructions page states `Try not to redirect http to https. Many places in the world cannot use https due to local or national firewalls`.
Since there should be no redirect, should I also stop sending HSTS headers when the page is visited via https? Also should or shouldn't I insert my site into the HSTS preload list?
I took this as a sign that I should remove my (default) redirect and HSTS for my mirror, allowing users to make their own choice. I still offer HTTPS with a valid certificate.
Your mileage may vary.