|
|
|
|
|
|
by toast0
2388 days ago
|
|
|
Strict HTTPS upgrades is probably warranted. Getting into the https preload list is easy (if your infrastructure is ready) and effective. HTTPS has real costs, but if you're distributing javascript at high volumes you should pay them. (Handling the ddos is harder when the target is https though... Can't know what the handshake is about until you've spent the cpu on handshaking) |
|
|