This is an advanced guide on HTTPS Everywhere, for those who already got listed by the HSTS Preload Appspot App and wants to enforce own rules. For those who have not started yet, can read our old articles like Nginx HSTS configuration, optimization of TLS / SSL grade etc. This is not a beginners guide. Only few will actually will ever need to read this guide.
HTTPS Everywhere For Your Domain : Common Misunderstandings
chrome://net-internals/#hsts is for debugging on Chrome on localhost. Actually there is a drop down, you can go to chrome://net-internals/#tests for own testing. The meanings are :
is_preloaded = is this domain HSTS-preloaded in Chrome?
pubkey_hashes = refers to public key pinning in the format
---
As HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation, pushing your Ruleset towards them will actually work for all the browsers ACTIVELY. Yes, technically, Google’s that list will list your website to all the browsers – but when it will actually happen, difficult to say. They will test with your domain as there are SEO Experts who are machine learning in their last phase of their carrier. Playing Poker, Gambling are also carriers, so as killing human for $100. All services are available on this Earth!
HTTPS Everywhere For Your Domain : Coding
Practically, this guide is only for hardly few hundred websites. Few steps of work, but you must understand rightly. First, set your own ruleset :
1 | https://www.eff.org/https-everywhere/rulesets |
If you have a subdomain which is not HTTPS, you have to exclude it. Actually, it is not possible to understand your need, thats the reason for this work. Possibly you are using a GNU Linux PC or a Mac. Fork this project :
1 | https://github.com/EFForg/https-everywhere |
After you have forked it, do the steps written here :
1 | https://www.eff.org/https-everywhere/development |
Keep in mind – normally forking means, you are going to send a pull request. So, set the ruleset first.
