httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott (firstclasswatches.co.uk)" <scott.lu...@firstclasswatches.co.uk>
Subject Re: [users@httpd] How is this possible? Apache sends HSTS on a non valid cert but user can proceed, on compatible browser
Date Mon, 06 Oct 2014 22:22:55 GMT
Yes, HSTS requests over HTTP are ignored anyway for similar reasons.

Kind Regards,

Scott

First Class Watches
9 Warwick Road
Kenilworth
CV8 1HD
Warwickshire
United Kingdom

On 6 October 2014 23:19, Eddie B <eddie@mattermedia.com> wrote:

> Great answer, thank you Scott.
>
>
>
> Do you recommend only setting the HSTS header for https requests?
>
>
>

Mime
View raw message