You are right, I was referring specifically to "One observation here is that a considerable percentage of the rules no longer need to be included, as port 80 redirects to HTTPS anyway."
Best regards, Maxim Nazarenko On 22 July 2015 at 00:01, Jacob Hoffman-Andrews <[email protected]> wrote: > On 07/21/2015 05:30 AM, Maxim Nazarenko wrote: > > Unsecure connections can be MITMed easily. If the site is not HSTS > > preload list, the corresponding rule should stay. > It sounds like you are talking about sites that redirect from HTTP to > HTTPS. I think Dave Warren is talking about something else: A site that > forcibly redirects from HTTPS to HTTP. We can't include these in HTTPS > Everywhere because the site would fail to load. >
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
