by tialaramex
1870 days ago
HSTS preloading is hierarchical, so it's not necessary for individual site owners to submit: if the domain above yours opted its entire hierarchy in, you're in. So if you own example.foo or example.dev you don't need to do anything and indeed can't choose, because Google (owners of the foo and dev top level domains) preloaded the entire TLD. http://some.example.dev/ can still exist, but you can't go there in a typical modern web browser; it will take you to https://some.example.dev/ regardless. So software that knows it actually wants the plaintext protocol can use it, but your ordinary users can't get SSL stripped.
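The hierarchical lookup described in the comment above, sketched as an added example (not part of the comment and not any browser's actual code). The `PRELOAD` entries are constructed samples, and the function names `preloaded` and `navigate` are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed sample entries (not the real preload list):
# host name -> whether the entry also covers every subdomain.
PRELOAD = {
    "dev": True,                  # whole TLD opted in by its owner
    "foo": True,
    "login.example.com": False,   # this exact host only
}

def preloaded(host):
    """True if host itself, or an ancestor that opted in its subdomains, is listed."""
    host = host.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return False              # HSTS does not apply to IP-literal hosts
    except ValueError:
        pass
    labels = host.split(".")
    # Walk from the full name up to the TLD, matching on label boundaries
    # so that "mydev.com" is never confused with the "dev" entry.
    for i in range(len(labels)):
        include_subdomains = PRELOAD.get(".".join(labels[i:]))
        if include_subdomains is None:
            continue
        if i == 0 or include_subdomains:
            return True
    return False

def navigate(url):
    """Return the URL a preload-aware client would actually request."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname or not preloaded(parts.hostname):
        return url
    # RFC 6797 section 8.3: an explicit port 80 becomes the https default,
    # any other explicit port is kept. Userinfo is dropped here for brevity.
    port = parts.port
    netloc = parts.hostname if port in (None, 80) else f"{parts.hostname}:{port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

if __name__ == "__main__":
    for u in ("http://some.example.dev/", "http://x.login.example.com/"):
        print(u, "->", navigate(u))
```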