diff options
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | dillorc | 2 |
2 files changed, 3 insertions, 1 deletions
@@ -27,6 +27,8 @@ dillo-3.1 [not released yet] - Give images lower priority when requesting resources (responsiveness). - Reuse of connections for HTTP (enable w/ http_persistent_conns in dillorc). - Abort failed queries. + - HTTP Strict Transport Security (disable with http_strict_transport_security + preference in dillorc). Patches: corvid +- Doxygen fixes. Patch: Jeremy Henty @@ -192,7 +192,7 @@ search_url="Google http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=%s" # This mechanism allows servers to specify that they are only to be contacted # through HTTPS and not HTTP. # -# On the whole, this is a valuable security measure against TLS stripping +# Overall, this is a valuable security measure against TLS stripping # attacks, etc., but in principle a site could contrive to use this as a # tracking mechanism. The term is "HSTS super cookie", although note that these * HSTS directives are not saved between browser sessions. |