by geofft 3836 days ago
This is pretty reasonable provided that you're not in danger of having to stop using HTTPS. For our personal blogs, that's probably fine (and hey, I should kick up the timeout on my HSTS header, thanks for the reminder). For a site that you're making for an employer or a customer, you should be certain that they're not going to want to move it over to a non-HTTPS-compatible web host for whatever reason. Most of the time you can be confident about this; sometimes you can't. Strict-Transport-Security is a promise to your viewers that for the next whatever time period you say, you're not going to change your mind about HTTPS.
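An added example, not part of the comment above: a small parser for the Strict-Transport-Security header that turns its max-age into the commitment window geofft describes, and a check of that window against a hypothetical date by which the site might have to leave HTTPS. The header values and the migration horizon are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class HstsPolicy:
    max_age: int              # seconds a browser will refuse plain HTTP for the host
    include_subdomains: bool  # the promise extends to every subdomain as well
    preload: bool             # site asks to be baked into browser preload lists


def parse_hsts(header: str) -> HstsPolicy:
    """Parse a Strict-Transport-Security header value (RFC 6797 section 6.1).

    Directive names are case-insensitive, max-age is mandatory, and
    unrecognised directives are ignored, as the RFC requires.
    """
    max_age: Optional[int] = None
    include_subdomains = False
    preload = False
    for directive in header.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                raise ValueError(f"bad max-age value: {value!r}")
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return HstsPolicy(max_age, include_subdomains, preload)


def commitment_days(policy: HstsPolicy) -> float:
    """How long, in days, visitors will hold the site to its HTTPS promise."""
    return policy.max_age / 86400


def can_commit(policy: HstsPolicy, days_until_possible_move: Optional[int]) -> bool:
    """The check the comment argues for: the promise must not outlast any
    planned move to a host that cannot serve HTTPS. None means no move planned.
    (max-age=0 withdraws the policy, so it always fits.)"""
    if days_until_possible_move is None:
        return True
    return commitment_days(policy) <= days_until_possible_move
```

A preloaded policy is effectively longer than its max-age, since removal from browser preload lists takes time beyond what the header alone controls.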