In T40516#1362484, @Nemo_bis wrote:

But why is the max-age only 1 day? Is that just for now while we test it out?

Probably yes. The ability to quickly assess and revert the change has been pointed out several times by ops on T49832.

I noticed that HSTS was enabled for English Wikipedia following the announcements here. But why is the max-age only 1 day? Is that just for now while we test it out?

It is good to be careful but I am sure the WMF will keep the servers listening on HTTP and serve 301 redirects to HTTPS.

Information: Mozilla announced plan to deprecate Non-Secure HTTP: https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

I see. Just for your reference, the English Wikipedia community had a discussion (https://en.wikipedia.org/wiki/Wikipedia:Village_pump_(proposals)/Archive_120#Should_Wikipedia_use_HTTPS_by_default_for_all_readers.3F) about this and while many points were made on both sides, the conclusion from that community was that this issue is to be decided by the WMF/developers. So good luck with your analysis, and I hope that any possible issues can be resolved soon so that we can make the switch in the near future. Thanks.

I see that the HTTPS infrastructure is now able to serve HTTPS-by-default (https://www.mediawiki.org/w/index.php?title=Wikimedia_Engineering%2F2014-15_Goals&diff=1535407&oldid=1519260). That's great! Any updates on the actual implementation? Thanks.

That's great to hear! Thanks.

Just to let everyone know, HTTPS traffic to desktop Wikimedia sites is no longer blocked in China. However, HTTPS to the mobile sites is still disrupted. I say this from personal experience, but here is a site to back it up: https://en.greatfire.org/https/en.wikipedia.org
https://en.greatfire.org/https/en.m.wikipedia.org

While there is not an official consensus yet, there are currently 12 supports and 0 opposes at the English Wikipedia Village Pump.