Re: Proposal: Marking HTTP As Non-Secure

> Of the things that apply now, what sites can be doing is:
1) Ensuring HTTP redirects to HTTPS
2) Use canonical URLs - see
https://support.google.com/webmasters/answer/139066?hl=en
3) Use HSTS, when available.

I think that HTTP-redirect as a solution is "too late". The ••preloaded••
HTST headers initiative seems to be the right solution in order to avoid
that initial HTTP request...

https://hstspreload.appspot.com/

I don't think preloaded HSTS is part of the HSTS standard. How could we
raise adoption?

--
Jim Manico
@Manicode
(808) 652-3805

On Dec 29, 2014, at 12:07 PM, Ryan Sleevi <rsleevi@chromium.org> wrote:

Of the things that apply now, what sites can be doing is:
--
Jim Manico
@Manicode
(808) 652-3805

2) Use canonical URLs - see
https://support.google.com/webmasters/answer/139066?hl=en
3) Use HSTS, when available.

Received on Tuesday, 30 December 2014 04:02:02 UTC