Hacker News new | ask | show | jobs
by jve 1130 days ago
Well, .dev domain has HSTS enabled to all subdomains. And there won't be even a hit to port 80 - it goes straight HTTPS by browser because of preload list. So you can't have non-HTTPS site on .dev domain visited by a browser. Thats some value.
1 comments
toast0 1129 days ago
You can serve anti-HSTS headers if you really want to serve HTTP, but you'll need to serve HTTPS for the initial page loads.
link