[tor-mirrors] HSTS for a tor mirror
mail+tor at vbrandl.net
Fri Jan 5 22:49:30 UTC 2018
* Dave Warren <dw at thedave.ca> [2018-01-02 03:44 +0100]:
> On 2017-12-31 08:31, Valentin Brandl wrote:
> I took this as a sign that I should remove my (default) redirect and HSTS
> for my mirror, allowing users to make their own choice. I still offer HTTPS
> with a valid certificate.
> Your mileage may vary.
I decided to serve the mirror both via HTTP and HTTPS and include the
HSTS (and also HPKP) headers in HTTPS requests but I won't put the
domain into the HSTS preload list since that might force some
non-technical users to the HTTPS version, which might be blocked.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: not available
More information about the tor-mirrors