Block port 443 for all protocols other than HTTPS or WSS.
This addresses the history leak (on non-preloaded HSTS sites) from https://crbug.com/436451:
Therefore, a malicious website can include well-chosen cross-domain images and use this trick to brute-force a list of domains that users have visited. Note that the list could only contain HSTS-enabled but not preloaded websites."
Review URL: https://codereview.chromium.org/770343003
4 files changed