HSTS rather than JavaScript Redirect

Question

HSTS rather than JavaScript Redirect

jerry-wolf opened this issue 8 years ago · 1 comments

Please support HSTS against protocol downgrade attacks.
As far as I know, some internet service provider in China like hijacking HTTP connection for monitoring and inserting ADs. So they can modify the page to enforce HTTP connnection through reverse proxy.

If possible, please add zeronet.io to HSTS preload list: https://hstspreload.appspot.com/

Answer 1 · 2016-12-28T00:31:04.000Z

Thanks for suggestion, submitted:

Success

zeronet.io is now pending inclusion in the HSTS preload list!

Please make sure that zeronet.io continues to satisfy all preload requirement, or it will be removed. Please revisit this site over the next few weeks to check on the status of your domain.

Also consider scanning for TLS issues using SSL Labs.