Hacker News new | past | comments | ask | show | jobs | submit login

The article says googletagmanager.com has HSTS preloading. But it doesn't.

This is easily testable. I view the website in both Chrome and Firefox, and it's http, not https.

Sure googletagmanager.com is in the preload list, but it doesn't have "mode": "force-https". It just has certificate pinning, not HSTS.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: