[eliot_sykes]

Good to see the word is spreading about HSTS. EFF started pushing it earlier this month [1], with a perhaps fair claim that it's not widely known about by web developers.

As the article shows it's pretty straightforward to setup; if you can add a response header to your app then you'll be able to figure out how to harden your app with HSTS.

For my fellow web developers who like to learn by video, I've tried to make an easily digested screencast and a page of sketch notes to help get the word out about HSTS and explain what it protects against [2].

[1] https://www.eff.org/deeplinks/2014/02/websites-hsts

[2] http://www.webdevbreak.com/episodes/hsts