Igor Galić created TS-1668:
------------------------------
Summary: Traffic Server does currently not implement HSTS
Key: TS-1668
URL: https://issues.apache.org/jira/browse/TS-1668
Project: Traffic Server
Issue Type: Bug
Reporter: Igor Galić
Apache Traffic Server can be used as Reverse Proxy as well as for {{TLS}}
({{SSL}}) Termination for a huge number of sites.
As such is the ideal point to implement HTTP Strict Transport security.
I propose enable administrators to globally ({{records.config}}) configure HSTS
for all sites that offer both, HTTP and HTTPS. (This switch, if backported,
should default to off for stable releases.)
We should further also make it possible to disable this setting per-site
({{ssl_multicert.config}}).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
