* Dave Warren <[email protected]> [2018-01-02 03:44 +0100]: > On 2017-12-31 08:31, Valentin Brandl wrote: > I took this as a sign that I should remove my (default) redirect and HSTS > for my mirror, allowing users to make their own choice. I still offer HTTPS > with a valid certificate. > > Your mileage may vary.
I decided to serve the mirror both via HTTP and HTTPS and include the HSTS (and also HPKP) headers in HTTPS requests but I won't put the domain into the HSTS preload list since that might force some non-technical users to the HTTPS version, which might be blocked. -- greetings Valentin Brandl
signature.asc
Description: PGP signature
_______________________________________________ tor-mirrors mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors
