"Be aware that inclusion in the preload list cannot really be undone. You can request to be removed, but it will take months for the deleted entry to reach users with a Chrome update and we cannot make guarantees about other browser vendors."
So basically once you submit it your domain is forever HTTPS on Chrome? I'm sure there are cases that might warrant HTTP. Mostly though the cases I am coming up with are mostly testing or implementation speed. It is generally easier to stand up HTTP than HTTPS. At least for now until Lets Encrypt is standard.
So basically once you submit it your domain is forever HTTPS on Chrome?
Yes, and Firefox too since they share the preload lists.
Mostly though the cases I am coming up with are mostly testing or implementation speed. It is generally easier to stand up HTTP than HTTPS. At least for now until Lets Encrypt is standard.
That sounds more of an issue for new domains, rather than established ones, no? I mean once you set up an inverse proxy like nginx to handle the HTTPS side, that should disappear.
11 comments
[ 5.3 ms ] story [ 42.7 ms ] threadI use HTTPS Everywhere, you'd be surprised how many sites are broken by default in HTTPS.
"This site uses a weak security configuration (SHA-1 signatures), so your connection may not be private."
So basically once you submit it your domain is forever HTTPS on Chrome? I'm sure there are cases that might warrant HTTP. Mostly though the cases I am coming up with are mostly testing or implementation speed. It is generally easier to stand up HTTP than HTTPS. At least for now until Lets Encrypt is standard.
Yes, and Firefox too since they share the preload lists.
Mostly though the cases I am coming up with are mostly testing or implementation speed. It is generally easier to stand up HTTP than HTTPS. At least for now until Lets Encrypt is standard.
That sounds more of an issue for new domains, rather than established ones, no? I mean once you set up an inverse proxy like nginx to handle the HTTPS side, that should disappear.