Why does FreeBSD insist on https?
jd1008
jd1008 at gmail.com
Fri Apr 3 21:53:16 UTC 2015
On 04/03/2015 02:28 AM, Mel Pilgrim wrote:
> On 2015-04-03 00:32, Nino J wrote:
>> Just bear in mind that the OP mentioned redirect to https. That means
>> that
>> the initial request to the exact URL (i.e. before being redirected and
>> switching to https) is visible.
>
> Which is why we have HSTS. Packaged HSTS lists prevent the browser
> from ever sending an uncrypted URL.
>
> ________
Unfortunately, too many web sites do not have HSTS installed in the http
server.
I have seen it in many web sites.
More information about the freebsd-questions
mailing list