[tor-mirrors] HSTS for a tor mirror
Dave Warren
dw at thedave.ca
Tue Jan 2 02:48:58 UTC 2018
On 2017-12-31 08:31, Valentin Brandl wrote:
> Hi there,
> I'm starting to build a mirror for the tor project. The instructions
> page states `Try not to redirect http to https. Many places in the world
> cannot use https due to local or national firewalls`.
>
> Since there should be no redirect, should I also stop sending HSTS
> headers when the page is visited via https? Also should or shouldn't I
> insert my site into the HSTS preload list?
I took this as a sign that I should remove my (default) redirect and
HSTS for my mirror, allowing users to make their own choice. I still
offer HTTPS with a valid certificate.
Your mileage may vary.
More information about the tor-mirrors
mailing list