On Sat 2015-04-18 12:43:07 +0200, Alexander Buchner wrote:
> On 18.04.2015 12:00, Olav Seyfarth wrote:
>> Hi Daniel,
>>
>>> I just noticed that https://www.enigmail.net/download/source.php seems to
>>> contain cleartext http links for the sourcecode tarballs (e.g.
>>> http://www.enigmail.net/download/source/enigmail-1.8.2.tar.gz).
>>
>> thanks for notifying, fixed by Patrick 2 hours ago (I was too slow ...)
>
> Are there reasons against using HSTS for the whole site?

Nope, I don't think there are any reasons for enigmail.net to avoid
HSTS.  It would be even better to get the domain added to the preload
list:

  https://hstspreload.appspot.com/

If you don't have control over the HTTP headers, but you can run PHP,
you may be able to use the header() function [0] like this:

  header("Strict-Transport-Security: max-age=10886400; includeSubDomains; preload");

        --dkg

[0] http://php.net/manual/en/function.header.php