Include an HSTS header in the 301 redirect from

Bug #1355378 reported by François Marier on 2014-08-11
This bug affects 1 person
Affects Status Importance Assigned to Milestone
François Marier

Bug Description

As discussed in, we should close the MITM opportunity when users type "" in their URL bar by adding HSTS headers in the 301 redirect from

François Marier (fmarier) wrote :

mod_alias doesn't normally add headers to non-200 response. That's why we'll need to use the "always" condition:

  Header always add Strict-Transport-Security: "max-age=15768000"


To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers