On Fri, Sep 18, 2009 at 10:30 PM, Jonas Sicking <jonas@sicking.cc> wrote: > I wonder for example if the client when receiving a > Strict-Transport-Security header should make a request to the root url > of the same origin to verify that the server indeed wants to opt in to > STS. That's a good idea. Do you think we should do that for all instances of Strict-Transport-Security, or just for headers with the includeSubDomains directive? AdamReceived on Saturday, 19 September 2009 06:03:18 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:17 GMT