Page 1 of 1

Is your domain in the preload list?

Posted: Fri Sep 29, 2017 9:28 am
by Albert Wiersch
Is your site exclusively HTTPS? Check out this blog entry:
https://security.googleblog.com/2017/09 ... f-web.html

And see if your website can get on the preload list:
https://hstspreload.org/

I made htmlvalidator.com eligible and submitted it.

I use this in my Apache port 80 config (had to change it to redirect to https://htmlvalidator.com instead of https://www.htmlvalidator.com):

Code: Select all

<VirtualHost 50.116.31.253:80>
 ServerName www.htmlvalidator.com
 ServerAlias htmlvalidator.com *.htmlvalidator.com

<If "%{HTTP_HOST} == 'htmlvalidator.com'">
 Redirect / https://htmlvalidator.com/
</If>
<Else>
 Redirect / https://www.htmlvalidator.com/
</Else>

 DocumentRoot /something/here/
 DirectoryIndex index.php index.html index.htm
</VirtualHost>
And I add the HSTS header with this line (I added the preload directive):

Code: Select all

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Re: Is your domain in the preload list?

Posted: Mon Oct 30, 2017 1:11 pm
by RSteinwand
That's on my to-do list. I suspect we could redirect only html pages, but we still have software that requests updates over port 80.