Page MenuHomePhabricator

Set HSTS on (force HTTPS)
Open, MediumPublic


It would be nice to set HTTP Strict Transport Security on in case the website is finally hosted by WMDE.

Event Timeline

It puts additional burden upon the IT department to always send a valid certificate. Of course, it should never happen that we send an expired or revoked certificate. But mistakes happen. I'm skeptical.

But we can set the header and then see if there will be any complaints … :-)

Resetting inactive task assignee.

jijiki triaged this task as Medium priority.Nov 10 2020, 4:21 PM