Is your domain in the preload list?

Post here if your message doesn't fit into another forum but is still about web development. Includes site critiques, web hosting and server questions, helpful software and resources, and more.
Post Reply
User avatar
Albert Wiersch
Site Admin
Site Admin
Posts: 3222
Joined: Sat Dec 11, 2004 9:23 am
Location: Near Dallas, TX
Contact:

Is your domain in the preload list?

Post by Albert Wiersch » Fri Sep 29, 2017 9:28 am

Is your site exclusively HTTPS? Check out this blog entry:
https://security.googleblog.com/2017/09 ... f-web.html

And see if your website can get on the preload list:
https://hstspreload.org/

I made htmlvalidator.com eligible and submitted it.

I use this in my Apache port 80 config (had to change it to redirect to https://htmlvalidator.com instead of https://www.htmlvalidator.com):

Code: Select all

<VirtualHost 50.116.31.253:80>
 ServerName www.htmlvalidator.com
 ServerAlias htmlvalidator.com *.htmlvalidator.com

<If "%{HTTP_HOST} == 'htmlvalidator.com'">
 Redirect / https://htmlvalidator.com/
</If>
<Else>
 Redirect / https://www.htmlvalidator.com/
</Else>

 DocumentRoot /something/here/
 DirectoryIndex index.php index.html index.htm
</VirtualHost>
And I add the HSTS header with this line (I added the preload directive):

Code: Select all

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Image
Albert Wiersch

Post Reply