[yootyootr]

By default when I click the link I'm directed to a non-secure HTTP version of github, which I found ironic given the page title

[cojant]

I was about to comment on the same... my only question to the OP (and other's who don't enforce HTTPS) is "why?!"

[mcsniff]

Why does a personal blog page need HTTPS? It's an output page, I read the contents and leave, I'm never submitting any of my information across the wire.

Someone along the way might modify the page? Unless they're using HSTS, it won't matter.

I'm all for encryption, but I'm also all for using tools when necessary, and not complicating things when not.

[iamjkt]

troyhunt answers this very question: https://www.troyhunt.com/heres-why-your-static-website-needs...

[yamtaddle]

It's an answer, but I still find it entirely unconvincing for a static personal blog. Better? Sure. Necessary? Damning if it's absent? No.

[fmajid]

You'd be surprised how many top websites (e.g. Amazon, eBay) don't even implement HSTS, let alone HSTS Preload. Here's some naming-and-shaming:

https://blog.majid.info/hsts-preload/

[zamnos]

HSTS is a commitment to future downtime for your site, and as such, is not recommended if you care about uptime for your site (like, say, Amazon.com might).