On Fri, Sep 18, 2009 at 10:30 PM, Jonas Sicking <jonas@sicking.cc> wrote: > I wonder for example if the client when receiving a > Strict-Transport-Security header should make a request to the root url > of the same origin to verify that the server indeed wants to opt in to > STS. That's a good idea. Do you think we should do that for all instances of Strict-Transport-Security, or just for headers with the includeSubDomains directive? AdamReceived on Saturday, 19 September 2009 06:03:18 GMT
This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:33 GMT