[tor-mirrors] HSTS for a tor mirror

Valentin Brandl mail+tor at vbrandl.net
Fri Jan 5 22:49:30 UTC 2018

* Dave Warren <dw at thedave.ca> [2018-01-02 03:44 +0100]:
> On 2017-12-31 08:31, Valentin Brandl wrote:
> I took this as a sign that I should remove my (default) redirect and HSTS
> for my mirror, allowing users to make their own choice. I still offer HTTPS
> with a valid certificate.
> Your mileage may vary.

I decided to serve the mirror both via HTTP and HTTPS and include the
HSTS (and also HPKP) headers in HTTPS requests but I won't put the
domain into the HSTS preload list since that might force some
non-technical users to the HTTPS version, which might be blocked.

Valentin Brandl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-mirrors/attachments/20180105/5b9e789d/attachment.sig>

More information about the tor-mirrors mailing list