@diogomonica For an A+ on ssllabs you do not need HPKP, but HSTS with a long period (180+ days). ; so your HSTS period is too short btw. 1/2
-
-
Replying to @asaaki
@diogomonica 2/2 So if you extend the period in your header you should get an A+ even with cloudflare (guess here because I don't use them).1 reply 0 retweets 0 likes
Replying to @asaaki
@asaaki @diogomonica Correct, for A+ you need 6 months or more: https://blog.cloudflare.com/enforce-web-policy-with-hypertext-strict-transport-security-hsts/ …
0 replies
1 retweet
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.