|
|
|
|
|
|
by buro9
3622 days ago
|
|
|
Plus... they don't have to do this. They could put in place redirects, and then use HSTS to tell browsers to only visit the HTTPS links. They could leave the old HTML unprocessed and pointing at HTTP and HSTS will fix it for modern browsers. Only the first request would be via HTTP, and Chrome and other browsers can be told to use HTTPS when they see the links even then: https://hstspreload.appspot.com/ |
|
|