commit ffbbb4311039cdbb4d45695f378b27314a170dcd
parent 7b80d3c73342b483cdd15426a73b895ff4c8623c
Author: Roman-Nopantski <Roman-Nopantski@users.noreply.github.com>
Date: Fri, 24 Feb 2017 01:34:25 +1300
add 1219 ref links
Diffstat:
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/user.js b/user.js
@@ -659,7 +659,8 @@ user_pref("security.mixed_content.block_active_content", true);
user_pref("security.mixed_content.send_hsts_priming", false);
user_pref("security.mixed_content.use_hsts", false);
// 1219: enforce HSTS preload list (default is true)
- // recommended left at default, unless you fully understand the risks and trade-offs
+ // https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
+ // https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
user_pref("network.stricttransportsecurity.preloadlist", true);
// 1220: disable intermediate certificate caching (fingerprinting attack vector)
// NOTE: This may be better handled under FPI (ticket 1323644, part of Tor Uplift)
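Review bot: The 1219 comment loses its only guidance here. The removed line told readers to leave the pref at its default, and the two links that replace it do not say what setting `network.stricttransportsecurity.preloadlist` to `false` would cost. Someone skimming the file now sees "enforce" and "default is true" but no reason not to flip it. I would keep the links and add one line above them, for example `// leave at true: the preload list forces HTTPS on the first visit to a listed site, before any HSTS header has been seen`. That keeps the rationale in the file if either URL later moves or goes away.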