News/HTTPS enforcement at shared proxy
< News
The web proxy service for Cloud VPS projects is enforcing TLS encryption by automatically redirecting from HTTP to HTTPS.
What is changing?
- Requests to *.wmcloud.org and *.wmflabs.org hosts via the domain proxy service enforce TLS encryption
- Strict-Transport-Security header added to TLS secured responses instructing user-agents to automatically upgrade http:// requests to https:// for the next 24 hours.
Timeline
Done 2020-08-18: TLS enforced for GET and HEAD requests and Strict-Transport-Security header with one day duration sent to clients.- Done 2021-02-02: TLS enforced for all requests and Strict-Transport-Security header with one year duration sent to clients.