If example.com serves up a policy with includeSubdomains. And sub.example.com serves up a policy without includeSubdomains, max-age=0, and redirects to http://sub.example.com.
I first visit example.com. And then I visit sub.example.com. What happens and where is this defined? -- https://annevankesteren.nl/ _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
