On 27.04.2016 23:40, William Budington wrote: > I wouldn't assume all sites on the HSTS preload list have the > include_subdomains directive set. This may be a new requirement, or > a requirement which is standard unless some kind of special request > is made. In these cases, domains submitted before the requirement > changed or upon a special request may not have include_subdomains > set. Case in point: you can see in the preload list[1] that > 'paypal.com' does not have include_subdomains set. > > 1. > https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json
This is unfortunate. I wasn't aware of this. :(
signature.asc
Description: OpenPGP digital signature
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
