Closed
Description
Hello,
It doesn't seem that net/http's http.Transport supports HSTS (HTTP Strict-Transport-Security, http://tools.ietf.org/html/rfc6797). Is it something we could add?
Initially, I'm thinking just the http->https upgrade bit and not certificate pins. Also, just dynamic mode and not static configuration like Chromium has.
That is: if we receive an HSTS header we remember it in the current http.Transport and upgrade any future http request to https, but terminating the program means we forget about it.