Hi, Since we will be moving away from hosting our own website, I have changed the max-age value of both "Public-Key-Pins" and "Must-Staple" to zero... from 182 days.
I have left the "Strict-Transport-Security" one as is. Obviously this is not perfect, and browsers that don't visit our website in between now and when we switch will display a permanent, non-user dismissable, security error (unless the switch happens after 182 days OR we configure the same SSL certificate wherever the new website will be hosted). Florent
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl