Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
website,x/gddo: enable HSTS for godoc.org and golang.org #26162
godoc.org uses HTTPS. It would be great to increase protection by implementing HSTS and preloading: https://hstspreload.org/?domain=godoc.org
This is especially valuable for godoc.org, since URLs are designed to be easily constructed (from other URLs) by hand and not everyone might add/keep the HTTPS scheme when they do so.
It seems the godoc.org server is constructed at
but I'm not sure about the best place to add a new header.