On 25/07/2015 12:38 a.m., Yuri Voinov wrote: > > https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security > > 24.07.15 18:33, joe пишет: >> i dont see Strict-Transport-Security in my log header >> only alternate-protocol >> can you post an example link pls > Note that the header may be sent over HTTP or HTTPS connection just once with a value of up to 68 years. And the domain will be HTTPS from then on as far as that client is concerned. Dropping Strict-Transport-Security therefore does nothing useful. But Squid replacing it with a new value of "max-age=0; includeSubDomains" will turn off the HSTS in the client for that domain. Be careful with that though. HSTS is actually a good thing most of the time. No matter how annoying it is to us proxying. Regarding Alternate-Protocol; The latest Squid will auto-remove *always*. It usually indicates an protocol experiment taking place by the website being visited (ie Google and QUIC/SPDY) and does a lot of real damage to network security and usability in any proxied network. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users