Leo Famulari <[email protected]> writes: >> - Force redirection of insecure connection with plain text to TLS >> - HSTS/HSTS-preload support missing (important) > > Yes, we should enable these.
Be careful with HSTS, it can make the site inaccessible if you lose access to a certificate and have to replace it. And yes, that can happen easily, and you then won’t have a way to inform visitors why they cannot access the site. If you enable it, make absolutely sure that the max-age is short enough. Best wishes, Arne -- Unpolitisch sein heißt politisch sein ohne es zu merken
signature.asc
Description: PGP signature
