hstspreload.org icon indicating copy to clipboard operation
hstspreload.org copied to clipboard

Published 20 hours ago verified publisher icon chromium

Front page: Indicate whether preloaded entries include subdomains.

Open lgarron opened this issue 8 years ago • 3 comments

e.g:

  • With subdomains: https://hstspreload.org/?domain=facebook.com
  • Without subdomains: https://hstspreload.org/?domain=youtube.com

lgarron avatar Oct 18 '17 22:10 lgarron

Note that this either requires the server to look at a recent version of the preload list, or to cache the information in the database.

lgarron avatar Oct 18 '17 22:10 lgarron

Actually, the curl log for https://youtube.com indicates that the domain does indeed include subdomains now:

PS C:\> curl -IL https://youtube.com
HTTP/2 301
content-length: 0
location: https://www.youtube.com/
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 14 Nov 2017 05:52:57 GMT
content-type: text/html
server: YouTube Frontend Proxy
x-xss-protection: 1; mode=block
alt-svc: quic=":443"; ma=2592000; v="41,39,38,37,35"

ExE-Boss avatar Nov 14 '17 05:11 ExE-Boss

Actually, the curl log for https://youtube.com indicates that the domain does indeed include subdomains now:

Indeed! :-D

https://twitter.com/lgarron/status/920776629877534720

A current example is www.wordpress.com

lgarron avatar Nov 14 '17 07:11 lgarron