Google's HSTS list includes this entry: > { "name": "asus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, which indicates that Asus (or someone on their behalf) requested "asus.com" and all subdomains to be preloaded as HSTS in Chrome. Indeed, `asus.com` responds with the header: > strict-transport-security: max-age=31536000; includeSubDomains; preload which achieves the same effect. So either Asus needs to get removed from the list or they need to use a different domain hierarchy for people to talk to their routers.
Bug 1788684 Comment 22 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Google's HSTS list includes this entry: > { "name": "asus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, which indicates that Asus (or someone on their behalf) requested "asus.com" and all subdomains to be preloaded as HSTS in Chrome. Indeed, `asus.com` responds with the header: > strict-transport-security: max-age=31536000; includeSubDomains; preload which achieves the same effect. So either Asus needs to get removed from the list (and they need to change the header they send) or they need to use a different domain hierarchy for people to talk to their routers.