Well, .dev domain has HSTS enabled to all subdomains. And there won't be even a ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jve on May 12, 2023 \| parent \| context \| favorite \| on: .zip is now available as a TLD Well, .dev domain has HSTS enabled to all subdomains. And there won't be even a hit to port 80 - it goes straight HTTPS by browser because of preload list. So you can't have non-HTTPS site on .dev domain visited by a browser. Thats some value.

toast0 on May 13, 2023 [–]

You can serve anti-HSTS headers if you really want to serve HTTP, but you'll need to serve HTTPS for the initial page loads.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact