From 3d52fb8e36c8c67c7b37828ad578e35195ae0fe2 Mon Sep 17 00:00:00 2001 From: Dhananjay Balan Date: Mon, 15 Apr 2019 10:47:09 +0200 Subject: [PATCH] More edits to the HSTS post. --- blog/2019-04-08-notes-on-hsts.markdown | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/blog/2019-04-08-notes-on-hsts.markdown b/blog/2019-04-08-notes-on-hsts.markdown index 485a2cc..4cb40fc 100644 --- a/blog/2019-04-08-notes-on-hsts.markdown +++ b/blog/2019-04-08-notes-on-hsts.markdown @@ -9,8 +9,10 @@ tags: hsts, security, privacy HTTP Strict Transport Secrity is a mechanism for sites to signal that they would only be serving a secure transport (read: TLS) to serve content from these domains. HSTS is defined in -[RFC6797](https://tools.ietf.org/html/rfc6797). HSTS is really cool -considering how easy is to enable it! +[RFC6797](https://tools.ietf.org/html/rfc6797). + +HSTS is easy to enable, and its really cool how much of an impact it +has to improve security. So how does it work? The secure version of the site sends an extra HTTP header @@ -24,7 +26,7 @@ To an HSTS aware client (i.e all mordern browsers) this means client can now cache this information, and if you ever get the non-secure version of the site - know that someones tampering with the -site. +connection. But max age is only one of the directive, there are more. 1. `includeSubdomains` directive: Tells your browser that apply the
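Review bot: in the first hunk (`@@ -9,8 +9,10 @@`) the new line `HSTS is easy to enable, and its really cool how much of an impact it has to improve security.` uses `its` where `it's` is meant, and `how much of an impact it has to improve security` reads awkwardly; suggest `HSTS is easy to enable, and it's really cool how much it improves security.` Since this paragraph is being reworded anyway, the unchanged context in the same hunk still has `HTTP Strict Transport Secrity` (for `Security`) and the doubled `serving a secure transport (read: TLS) to serve content`; both are worth folding into the same commit rather than a third round of edits.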
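Review bot: in the second hunk (`@@ -24,7 +26,7 @@`) replacing `site.` with `connection.` is the right correction (what an attacker tampers with is the transport, not the site), but the context line directly above, `version of the site - know that someones tampering with the`, still lacks the apostrophe in `someones`; suggest changing that line too, to `know that someone's tampering with the`. The same hunk's context also carries `i.e all mordern browsers` (`i.e.` and `modern`), `this means client can now cache` (`the client`), and `max age is only one of the directive` (`directives`). Finally, the sentence is slightly misleading as written: an HSTS-aware client does not show the user the non-secure version and leave it to them to notice; per the RFC6797 linked earlier in the post it rewrites `http://` references for the host to `https://` before the request is sent and refuses to continue on a certificate error, so a line such as `your browser will refuse to load it over plain HTTP at all` would state the guarantee more accurately.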