On 05/11/13 20:38, Yoav Nir wrote:
>> Enabling 'HTTP Strict Transport Security' (HSTS, RFC6797) might be a
>> good first step.
>
> HSTS means that HTTP is off (or just redirects you to HTTPS). The first S
> stands for "strict" and we mean it. :-)

Well, not entirely; the redirect is strictly not part of HSTS. Without a
redirect we give visitors an option; if you come in via http, fine... If
you come in via https with a browser that understands HSTS, then it's
https from that moment on.
And once we're all used to that, we can add the redirect ;-)
--
Marco