Changes between Initial Version and Version 1 of Ticket #28521, comment 18
- Timestamp:
- 05/11/2019 12:37:08 AM (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #28521, comment 18
initial v1 11 11 6. Add redirect from HTTP to HTTPS for requests that don't already do this via `redirect_canonical()`. 12 12 7. Add `Content-Security-Policy: upgrade-insecure-requests` response header if HTTPS is enabled. This is supported in all browsers other than IE11 and avoids the need to do messy s/http/https/ string replacements in `the_content`, enqueued scripts/styles, etc. 13 8. Add HSTS response header.13 8. ~~Add HSTS response header.~~ 14 14 15 15 Thoughts? Anything else I'm forgetting?