1 comment

[ 7.1 ms ] story [ 140 ms ] thread
We recently added our domains to the "HTTP Strict Transport Security" preload list, and I had no idea this was even a thing. I assumed that the best we could do was to enforce HTTPS at the CDN/network level.

Anyone can add their own site or domain to this list, which enforces HTTPS at the browser level (for supporting browsers).