On Sun, Aug 16, 2015 at 5:20 AM, Faidon Liambotis <[email protected]> wrote:
> For Wikimedia sites, it is now impossible for proxies or firewalls to > strip headers, after the switch to HTTPS-only. Was this analysis done > before or during the HTTPS-only migration? > The data the 0.1% number is based on was collected from mid-April to this week. There is a chronological breakdown at T507#1530596 <https://phabricator.wikimedia.org/T507#1530596>. Some firewalls add themselves as root CA and then do a man-in-the-middle on HTTPS connections; AFAIK we don't do certificate pinning yet. _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
