Date: Fri, 03 Apr 2015 15:53:13 -0600 From: jd1008 <jd1008@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: Why does FreeBSD insist on https? Message-ID: <551F0BC9.1050405@gmail.com> In-Reply-To: <551E4F43.1060109@bluerosetech.com> References: <CAA3ZYrD_2AaDfW3oJ-NFt333DrjOwgBR-8bbqH0eVZGL6Y_5WQ@mail.gmail.com> <551DA84D.8030205@gmail.com> <20150402222539.37e330f8@gumby.homeunix.com> <551DC4F7.5090005@gmail.com> <CALf6cgYFZBwy=SOcaayuP90jjGdvZt2aghYeCX0iTweceXXrEA@mail.gmail.com> <551E4F43.1060109@bluerosetech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/03/2015 02:28 AM, Mel Pilgrim wrote: > On 2015-04-03 00:32, Nino J wrote: >> Just bear in mind that the OP mentioned redirect to https. That means >> that >> the initial request to the exact URL (i.e. before being redirected and >> switching to https) is visible. > > Which is why we have HSTS. Packaged HSTS lists prevent the browser > from ever sending an uncrypted URL. > > ________ Unfortunately, too many web sites do not have HSTS installed in the http server. I have seen it in many web sites.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?551F0BC9.1050405>