Make HSTS preloading optional

James Hilliard 2016-12-16 02:44:32 -06:00
parent ffaf884570
commit 8d91bb76a9

@ -719,7 +719,7 @@ Basic requirements:
- No concerning bug is found when testing the wallet - No concerning bug is found when testing the wallet
- Website supports HTTPS and 301 redirects HTTP requests - Website supports HTTPS and 301 redirects HTTP requests
- SSL certificate passes [Qualys SSL Labs SSL test](https://www.ssllabs.com/ssltest/) - SSL certificate passes [Qualys SSL Labs SSL test](https://www.ssllabs.com/ssltest/)
- Website serving executable code or requiring authentication uses HSTS with a max-age of at least 180 days and is included in the [HSTS preload list](https://hstspreload.appspot.com/) - Website serving executable code or requiring authentication uses HSTS with a max-age of at least 180 days
- The identity of CEOs and/or developers is public - The identity of CEOs and/or developers is public
- Avoid address reuse by using a new change address for each transaction - Avoid address reuse by using a new change address for each transaction
- If private keys or encryption keys are stored online: - If private keys or encryption keys are stored online:
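Review bot: On the HSTS line of the basic requirements, removing the preload clause leaves the first connection to a site unprotected. The header is only learned after one successful HTTPS response, and the preceding requirement still allows a plain HTTP request that is answered with a 301. The commit message gives no reason for relaxing this, so please state the rationale there. Since preload submission requires includeSubDomains and that was the only thing implying it, consider saying on this line whether includeSubDomains is expected alongside the 180-day max-age.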
@ -751,6 +751,7 @@ Optional criteria (some could become requirements):
- Does not show "received from" Bitcoin addresses in the UI - Does not show "received from" Bitcoin addresses in the UI
- Uses deterministic ECDSA nonces (RFC 6979) - Uses deterministic ECDSA nonces (RFC 6979)
- Provides a bug reporting policy on the website - Provides a bug reporting policy on the website
- Website serving executable code or requiring authentication is included in the [HSTS preload list](https://hstspreload.appspot.com/)
- If user has no access over its private keys: - If user has no access over its private keys:
- Full reserve audit(s) - Full reserve audit(s)
- Insurance(s) against failures on their side - Insurance(s) against failures on their side
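Review bot: The added optional line on the HSTS preload list does not say that it builds on the basic HSTS requirement, so a reader cannot tell that a site sending only a max-age of 180 days does not yet qualify for inclusion. Suggest wording it as an extension of the basic item, for example "HSTS policy additionally includes includeSubDomains and preload, and the site is included in the HSTS preload list", so the two entries read as one graded control rather than two unrelated checks.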