It's actually kind of a pain to enable HSTS because it makes you fix all the pla... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

rabidsnail on July 19, 2012 | parent | context | favorite | on: Living with HTTPS

It's actually kind of a pain to enable HSTS because it makes you fix all the places where you're downgrading to HTTP. You should definitely do it if you care whether your users' sessions get hijacked, but it's not _just_ flipping a switch.

harshreality on July 20, 2012 [–]

Pages with http://yoursite links work seamlessly. The browser will access those via https when you click. As long as the SSL version of your site is serving the same resources, there's no problem.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact