The HTTP page at my website sends an HSTS header. This has no effect over HTTP, and should be removed. But what if i decide to not remove the error and preload my website through the HSTS Preload form? What happens?
Asked
Active
Viewed 400 times
1 Answers
-1
Don’t think there’s any preload requirement over this so still should be able to preload.
However if you can’t follow the spec on how to use HSTS, and can’t figure out how to prevent this being illegitimately sent over HTTP (which could have been researched in the time it took to raise your question), then I’d really question whether you are ready for the commitment that preload binds you to. There are real dangers when preloading without understanding the full implications as it’s basically irreversible.
Barry Pollard
- 30,554
- 4
- 60
- 77
-
I really can’t figure out how to prevent this from being illegitimately sent over HTTP. Other than that i just completely the form. I have to chosen to raise this question to hear some notable answers. – jehovahsays Feb 14 '18 at 03:45