More edits to the HSTS post.

2019-04-15 10:47:09 +02:00 · 2019-04-15 10:47:09 +02:00 · 3d52fb8e36
commit 3d52fb8e36
parent c82f35abc7
1 changed files with 5 additions and 3 deletions
--- a/blog/2019-04-08-notes-on-hsts.markdown
+++ b/blog/2019-04-08-notes-on-hsts.markdown
@ -9,8 +9,10 @@ tags: hsts, security, privacy
 HTTP Strict Transport Secrity is a mechanism for sites to signal that
 they would only be serving a secure transport (read: TLS) to serve
 content from these domains. HSTS is defined in
-[RFC6797](https://tools.ietf.org/html/rfc6797). HSTS is really cool
-considering how easy is to enable it!
+[RFC6797](https://tools.ietf.org/html/rfc6797).
+
+HSTS is easy to enable, and its really cool how much of an impact it
+has to improve security.

 So how does it work? The secure version of the site sends an extra HTTP header

@ -24,7 +26,7 @@ To an HSTS aware client (i.e all mordern browsers) this means

 client can now cache this information, and if you ever get the
 non-secure version of the site - know that someones tampering with the
-site.
+connection.

 But max age is only one of the directive, there are more.
 1. `includeSubdomains` directive: Tells your browser that apply the