113. 113
With HSTS preload list
[Diagram. Labels: client, server, hosts, DNS, preload list, renderer. Steps: 1. query hostname; 2. return ip; 3. GET page; 4. query; 5. is HSTS; 6. GET https; 7. return page & HSTS; 8. return page]
124. 124
Submission Requirements
● Serve a valid certificate.
● Redirect from HTTP to HTTPS on the same host, if you are listening on port 80.
● Serve all subdomains over HTTPS.
– In particular, you must support HTTPS for the www subdomain if a DNS
record for that subdomain exists.
● Serve an HSTS header on the base domain for HTTPS requests:
– The max-age must be at least 31536000 seconds (1 year).
– The includeSubDomains directive must be specified.
– The preload directive must be specified.
– If you are serving an additional redirect from your HTTPS site, that redirect
must still have the HSTS header (rather than the page it redirects to).