From ca58b7901eaae9197e91b3727481c9664ed0adf9 Mon Sep 17 00:00:00 2001 From: MDLeom <2809763-curben@users.noreply.gitlab.com> Date: Thu, 17 Dec 2020 14:32:45 +0000 Subject: [PATCH] post(cloudflare-hsts): mdleom.com is now in preload list - but not yet deploy to stable --- source/_posts/cloudflare-hsts.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/source/_posts/cloudflare-hsts.md b/source/_posts/cloudflare-hsts.md index b39558d..71c8481 100644 --- a/source/_posts/cloudflare-hsts.md +++ b/source/_posts/cloudflare-hsts.md @@ -2,6 +2,7 @@ title: Enabling HSTS preload in Cloudflare excerpt: Take note if you have www -> apex redirect date: 2020-11-22 +updated: 2020-12-17 tags: - cloudflare - security @@ -64,3 +65,13 @@ Covered by "Always use HTTPS": - `http://www.example.com` -> `https://www.example.com` ![Page Rules](20201122/page-rules.png) + +## Update (17 Dec 2020) + +This website is now included in the Chromium's preload list after I submitted a [request](https://hstspreload.org/) a month ago. The list hasn't been deployed to browsers' (Chrome and Firefox) stable version yet, that may take another month or two. + +``` +$ curl -L https://github.com/chromium/chromium/raw/master/net/http/transport_security_state_static.json -o hsts-chromium.json +$ grep mdleom.com hsts-chromium.json + { "name": "mdleom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, +```