As a concerned user I would like to see HTTP Strict Transport Security Header set

Question

fbernitt opened this issue 9 years ago · comments

Background:

The strict transport security header(https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) provides some protection against TLS/SSL downgrade attacks. It is supported by almost all modern browsers (http://caniuse.com/#feat=stricttransportsecurity) (only IE added it only recently))

Requirements:

When I open any dispatcher uri over a HTTPS connection
Then I see the "Strict-Transport-Security" header

Renata Nobre · Answer 1 · Thu Jul 23 2015 04:50:05 GMT+0800 (China Standard Time)

This is a good idea but it isn't our focus now.
Our focus now is the migration of Bitmask libraries latest version to Pixelated code.

I'll close this issue for now, it might be reopened in the future if it makes sense.