#hsts — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #hsts, aggregated by home.social.
-
Enabled HSTS with includeSubDomains and preload.
The cost is real and one-way: every current and future subdomain must serve HTTPS or become unreachable. Removal from the preload list is in browser-release hands, not yours.
Accepted because the site is HTTPS-only by intent and Caddy provisions certs for every subdomain automatically via Let's Encrypt.
-
Enabled HSTS with includeSubDomains and preload.
The cost is real and one-way: every current and future subdomain must serve HTTPS or become unreachable. Removal from the preload list is in browser-release hands, not yours.
Accepted because the site is HTTPS-only by intent and Caddy provisions certs for every subdomain automatically via Let's Encrypt.
-
Enabled HSTS with includeSubDomains and preload.
The cost is real and one-way: every current and future subdomain must serve HTTPS or become unreachable. Removal from the preload list is in browser-release hands, not yours.
Accepted because the site is HTTPS-only by intent and Caddy provisions certs for every subdomain automatically via Let's Encrypt.
-
Enabled HSTS with includeSubDomains and preload.
The cost is real and one-way: every current and future subdomain must serve HTTPS or become unreachable. Removal from the preload list is in browser-release hands, not yours.
Accepted because the site is HTTPS-only by intent and Caddy provisions certs for every subdomain automatically via Let's Encrypt.
-
secure your #wordpress site with #http #headers content-security policy #csp cross origin embedder policy #coep cross origin opener policy #coop cross origin resource policy #corp referrer policy http strict transport security #hsts permission policy and others: https://jornfranke.codeberg.page/technology-tutorials/wordpress-csp/