It would be good for users to have a way to add (not remove, just add) entries to the HSTS preload list. The use case I was given by the security guy at a large university is that they have a number of internal HTTPS sites they'd like to preload in everyone's browser, but they don't want to expose them publicly. I'm not sure what the best mechanism for that would be.
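I think an add-on might be best for this:

let sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
// uri is assumed to be an nsIURI for the host being added.
// HSTS directive syntax is "max-age=<seconds>", not "max-age: <seconds>".
sss.unsafeProcessHeader(sss.HEADER_HSTS, uri, "max-age=10886400", 0);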
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX