This repository has been archived by the owner on Nov 15, 2023. It is now read-only.
Add check for HSTS preload list #3
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
As you know, this is a list shared by multiple browsers for websites that should be reached through HTTPS only. This is even more secure than HSTS since it's not prone to MitM on the first request. My suggestion is that you check for the presence of the domain within the HSTS preload list. You can get it at:
https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json
The text was updated successfully, but these errors were encountered: