As a concerned user I would like to see HTTP Strict Transport Security Header set
fbernitt opened this issue · comments
Background:
The strict transport security header(https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) provides some protection against TLS/SSL downgrade attacks. It is supported by almost all modern browsers (http://caniuse.com/#feat=stricttransportsecurity) (only IE added it only recently))
Requirements:
When I open any dispatcher uri over a HTTPS connection
Then I see the "Strict-Transport-Security" header
This is a good idea but it isn't our focus now.
Our focus now is the migration of Bitmask libraries latest version to Pixelated code.
I'll close this issue for now, it might be reopened in the future if it makes sense.