|
|
|
|
|
|
by azdle
4435 days ago
|
|
|
My understanding is that HSTS is purely for the client side. You can still have a server that serves http if you want, but any client that supports HSTS that has visited your domain since you started sending the header will simply add tls to any http:// link that it comes across. So your image link can still be served, but if the client does support HSTS it'll see the header and then make all subsequent requests over TLS. |
|
|