You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The outbound scans used by hstspreload.org as well as bulk updates to check for preloading eligibility have started to be blocked by several CDNs' spam/fraud detection, which is preventing the addition and removal of domains in several known instances (and likely more we don't know about). Adding a custom user agent string lets these agents be allowlisted with a (User-Agent, ASN)-tuple.
I suggest "hsts-preload-bot" as a possible UA string, but am welcome to other suggestions.
The text was updated successfully, but these errors were encountered:
Thanks! I didn't see any active issues with this, but probably should have dug deeper into closed issues. Regarding your comments on #107, I'm also not generally a fan of encouraging allowlisting by user agent string, but this is the only mechanism we've been presented with to circumvent the automated blocking of domain scans. I'll re-open #107 and continue the discussion there.
The outbound scans used by hstspreload.org as well as bulk updates to check for preloading eligibility have started to be blocked by several CDNs' spam/fraud detection, which is preventing the addition and removal of domains in several known instances (and likely more we don't know about). Adding a custom user agent string lets these agents be allowlisted with a (User-Agent, ASN)-tuple.
I suggest "hsts-preload-bot" as a possible UA string, but am welcome to other suggestions.
The text was updated successfully, but these errors were encountered: