Hacker Newsnew | comments | show | ask | jobs | submit login

My personal site, for various reasons including this one, is entirely HTTPS. If you try to access any part of my site by HTTP, you're just redirected to HTTPS.

(this is mostly because I'm too lazy to maintain separate site configurations for HTTPS and HTTP)




Make sure you also set the Strict-Transport-Security header to prevent attacks against the HTTP-to-HTTPS redirect.

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: