HSTS

by **RiptideTempora** on Mon Dec 24, 2012 9:31 pm ([msg=71829]see HSTS[/msg])

Could you add an Hypertext Strict Transport Security header in the server config so compatible browsers will always redirect to https://www.hackthissite.org instead of http://www.hackthissite.org ?

by **Kage** on Wed Dec 26, 2012 3:10 pm ([msg=71849]see Re: HSTS[/msg])

Directive added to the load balancer and CDN.

by **fashizzlepop** on Wed Dec 26, 2012 8:58 pm ([msg=71853]see Re: HSTS[/msg])

I think a staff blog post may be in order?

by **Kage** on Wed Dec 26, 2012 9:47 pm ([msg=71854]see Re: HSTS[/msg])

Not really. I'd check this off as one of many 'silent updates'; little changes I make to tune the infrastructure that go relatively unnoticed. If I did a blog post about every little tuning I do, I'd be posting four or five times a day, every day or two.

I am noticing now that Chrome has re-cached HTS, it's automatically forcing me to use SSL, just from the HSTS header. That's kind of really neat. This is great because it forces SSL where supported browsers understand the header, but doesn't require SSL (such as a 301 redirect).

Excellent suggestion, Riptide. Thank you kindly.

by **mShred** on Thu Dec 27, 2012 12:32 am ([msg=71857]see Re: HSTS[/msg])

Yeah, I was the one who liasoned Riptide's idea to Kage.. Credit taken, of course.

HSTS

HSTS

Re: HSTS

Re: HSTS

Re: HSTS

Re: HSTS

Who is online