[tor-mirrors] HSTS for a tor mirror

Dave Warren dw at thedave.ca
Tue Jan 2 02:48:58 UTC 2018


On 2017-12-31 08:31, Valentin Brandl wrote:
> Hi there,
> I'm starting to build a mirror for the tor project. The instructions
> page states `Try not to redirect http to https. Many places in the world
> cannot use https due to local or national firewalls`.
> 
> Since there should be no redirect, should I also stop sending HSTS
> headers when the page is visited via https? Also should or shouldn't I
> insert my site into the HSTS preload list?

I took this as a sign that I should remove my (default) redirect and 
HSTS for my mirror, allowing users to make their own choice. I still 
offer HTTPS with a valid certificate.

Your mileage may vary.


More information about the tor-mirrors mailing list