On 02/27/12 13:43, Florian Philipp wrote: > > Just a small follow-up: A neat server-sided trick I didn't know until > now is HTTP Strict Transport Security [1]. It prevents users from > clicking away SSL warnings and prevents mixed content. > > [1] http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security > > Regards, > Florian Philipp
This is nice, although, as with all nice things, it doesn't work in Internet Explorer. We try to hack together the same effect using Apache's mod_rewrite and redirects, but it's hard to get right. Most off-the-shelf web apps (e.g. Wordpress) do their best to thwart you.