Include an HSTS header in the 301 redirect from

Bug #1355378 reported by François Marier on 2014-08-11
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

As discussed in, we should close the MITM opportunity when users type "" in their URL bar by adding HSTS headers in the 301 redirect from

François Marier (fmarier) wrote :

mod_alias doesn't normally add headers to non-200 response. That's why we'll need to use the "always" condition:

  Header always add Strict-Transport-Security: "max-age=15768000"


Changed in libravatar:
assignee: François Marier (fmarier) → nobody
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers