
Indeed the HTTP -> HTTPS redirect is only the first step in solving the problem.

A 301 redirect will offer some lasting protection as it can be cached but it's not really that great. The goal here is to take the first step to get on HTTPS and then longer term the sites can consider HSTS and eventually preloading.



It might also be useful to note I have an HSTS Cheat Sheet for more info: https://scotthelme.co.uk/hsts-cheat-sheet/
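The progression described in the comment above (redirect first, then HSTS, then preloading), as an added example that is not part of the original thread: a small classifier that reports which stage a site has reached from its HTTP and HTTPS responses. The function names, stage labels and the `example.test` sample responses are constructed for illustration; the preload check covers only the header requirements published by hstspreload.org (max-age of at least one year, `includeSubDomains`, `preload`).

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year: minimum max-age hstspreload.org accepts
PERMANENT = {301, 308}
REDIRECTS = PERMANENT | {302, 303, 307}

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into its three directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and re.fullmatch(r"[0-9]+", arg):
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def https_stage(http_resp, https_resp):
    """Classify (status, headers) pairs along redirect -> HSTS -> preload."""
    status, headers = http_resp
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    if status not in REDIRECTS or not location.lower().startswith("https://"):
        return "no-https-redirect"
    # HSTS only counts when delivered over HTTPS; browsers ignore it on HTTP.
    secure = {k.lower(): v for k, v in https_resp[1].items()}
    policy = parse_hsts(secure.get("strict-transport-security", ""))
    if not policy["max_age"]:  # header missing, unparsable, or max-age=0
        return "permanent-redirect" if status in PERMANENT else "temporary-redirect"
    if (policy["max_age"] >= PRELOAD_MIN_AGE
            and policy["include_subdomains"] and policy["preload"]):
        return "preload-eligible"
    return "hsts"

# Constructed sample responses for the placeholder host example.test.
TO_HTTPS = (301, {"Location": "https://example.test/"})
SAMPLES = {
    "redirect only": (TO_HTTPS, (200, {})),
    "hsts": (TO_HTTPS, (200, {"Strict-Transport-Security": "max-age=86400"})),
    "preload": (TO_HTTPS, (200, {"Strict-Transport-Security":
                                 "max-age=63072000; includeSubDomains; preload"})),
}

if __name__ == "__main__":
    for label, pair in SAMPLES.items():
        print(label, "->", https_stage(*pair))
```

A result of `permanent-redirect` or `temporary-redirect` means the first plain-HTTP request of each visit is still unprotected, which is the gap HSTS and then preloading close.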



