.dev: Difference between revisions
added HSTS preload paragraph here too |
No edit summary |
||
| Line 31: | Line 31: | ||
== mandatory HTTPS == | == mandatory HTTPS == | ||
.Dev and .app are the first TLDs to make HTTPS mandatory on all websites in the zone by enforcing [https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security HSTS] compliance. Google maintains a list known as the [https://hstspreload.org/ HSTS Preload List] which is honored by Chrome and most other modern browsers. Anyone can submit their site to the list, which tells browsers: “insecure HTTP is disabled for this domain”. Non-HTTPS-protected sites on the list therefore not load at all, rather than the typical fallback behavior of displaying an insecure site. The entire . | .Dev and .app are the first TLDs to make HTTPS mandatory on all websites in the zone by enforcing [https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security HSTS] compliance. Google maintains a list known as the [https://hstspreload.org/ HSTS Preload List] which is honored by Chrome and most other modern browsers. Anyone can submit their site to the list, which tells browsers: “insecure HTTP is disabled for this domain”. Non-HTTPS-protected sites on the list therefore not load at all, rather than the typical fallback behavior of displaying an insecure site. The entire .dev zone has [https://hstspreload.org/?domain=dev been added to the HSTS Preload List.] | ||
==References== | ==References== | ||