HSTS preload list removals for Chrome 56.
> • go.ispire.me - reason: Using http redirects somethimes.
> • goto.ispire.me - reason: Using http redirects somethimes.
> • cdn.ispire.me - reason: Using http redirects somethimes.
> i work in pentest space and sometimes i need certain stuffs to be hosted in
> non-https. 😉
> • dev.eopugetsound.org – we do not have a cert (nor can we get one) for this
> • uptime.rocketmill.co.uk – points to a 3rd party server hosting an
> application. We don’t have control over the server and it doesn’t support
> HTTPS currently.
> • all subdomains — https was left only for primary domain name
> The website was shut down and the main domain transferred to tumblr.com DNS
> which does not support SSL.
> Migration to Nginx for new backend service expansion. Preload was previously
> required as there was no expectation of such expansion. The flag has been
> removed and max-age has now been set to 0. SSL & HTTP/2 will remain enabled
> where possible but preloading will not be required.
> Due to a wrong default configuration the sites has been serving a HSTS header
> without actual intend.
> • oddymianie.klimat-pro.pl - we do not have wildcard certificate for klimat-
> pro.pl, and our management is not willing to pay for such certificate, we
> still need to serve this page as it is page for our new product range.
> • www - it has been a project of mine, but I did not succeed
> • “email.liverpoolmutualhomes.org” – this uses the CreateSend personalised URL
> service that can only be used over plain HTTP. To our knowledge, no request
> was ever submitted to include the “liverpoolmutualhomes.org” domain in the
> preload list other than a previous developer adding the
> “www.liverpoolmutualhomes.org” with the “preload” by mistake and this was
> removed about April 2016 – this referenced the www.liverpoolmutualhomes.org,
> yet “liverpoolmutualhomes.org” has been registered.
> I never intended to be pre-loaded in the HSTS list. On an old web server some
> time ago, I was experimenting with SSL, and I accidentally enabled HSTS, not
> knowing what it was. I’ve disabled it already, but somehow my domain got
> included in the pre-load list, and now I can’t run small test stuff without
> SSL anymore.
> I want to sell this domain asap.
> guscaplan.me - moved to gus.host (pending HSTS)
> *.guscaplan.me - moved to *.gus.host (pending HSTS)
> because not working my subdomains if hsts on.
> Wasn't meant to have preload directive from the start.
Review URL: https://codereview.chromium.org/2449713002 .
1 file changed