Is your domain in the preload list?

Post here if your message doesn't fit into another forum but is still about web development. Includes site critiques, web hosting and server questions, helpful software and resources, and more.
Post Reply
User avatar
Albert Wiersch
Site Admin
Site Admin
Posts: 3236
Joined: Sat Dec 11, 2004 9:23 am
Location: Near Dallas, TX
Contact:

Is your domain in the preload list?

Post by Albert Wiersch » Fri Sep 29, 2017 9:28 am

Is your site exclusively HTTPS? Check out this blog entry:
https://security.googleblog.com/2017/09 ... f-web.html

And see if your website can get on the preload list:
https://hstspreload.org/

I made htmlvalidator.com eligible and submitted it.

I use this in my Apache port 80 config (had to change it to redirect to https://htmlvalidator.com instead of https://www.htmlvalidator.com):

Code: Select all

<VirtualHost 50.116.31.253:80>
 ServerName www.htmlvalidator.com
 ServerAlias htmlvalidator.com *.htmlvalidator.com

<If "%{HTTP_HOST} == 'htmlvalidator.com'">
 Redirect / https://htmlvalidator.com/
</If>
<Else>
 Redirect / https://www.htmlvalidator.com/
</Else>

 DocumentRoot /something/here/
 DirectoryIndex index.php index.html index.htm
</VirtualHost>
And I add the HSTS header with this line (I added the preload directive):

Code: Select all

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Image
Albert Wiersch

User avatar
RSteinwand
Rank VI - Professional
Rank VI - Professional
Posts: 562
Joined: Mon Jun 09, 2008 2:12 pm
Location: Fargo, ND
Contact:

Re: Is your domain in the preload list?

Post by RSteinwand » Mon Oct 30, 2017 1:11 pm

That's on my to-do list. I suspect we could redirect only html pages, but we still have software that requests updates over port 80.
Rick

Post Reply