curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity

post(cloudflare-hsts): mdleom.com is now in preload list 

- but not yet deploy to stable
This commit is contained in:
MDLeom 2020-12-17 14:32:45 +00:00
parent 3f322336bf
commit ca58b7901e
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
source/_posts/cloudflare-hsts.md
View File

@ -2,6 +2,7 @@
title: Enabling HSTS preload in Cloudflare title: Enabling HSTS preload in Cloudflare
excerpt: Take note if you have www -> apex redirect excerpt: Take note if you have www -> apex redirect
date: 2020-11-22 date: 2020-11-22
updated: 2020-12-17
tags: tags:
- cloudflare - cloudflare
- security - security
@ -64,3 +65,13 @@ Covered by "Always use HTTPS":
- `http://www.example.com` -> `https://www.example.com` - `http://www.example.com` -> `https://www.example.com`
![Page Rules](20201122/page-rules.png) ![Page Rules](20201122/page-rules.png)
## Update (17 Dec 2020)
This website is now included in the Chromium's preload list after I submitted a [request](https://hstspreload.org/) a month ago. The list hasn't been deployed to browsers' (Chrome and Firefox) stable version yet, that may take another month or two.
```
$ curl -L https://github.com/chromium/chromium/raw/master/net/http/transport_security_state_static.json -o hsts-chromium.json
$ grep mdleom.com hsts-chromium.json
{ "name": "mdleom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true },
```