1 files changed, 5 insertions(+), 3 deletions(-)

M blog/2019-04-08-notes-on-hsts.markdown

@@ 9,8 9,10 @@ tags: hsts, security, privacy
 HTTP Strict Transport Secrity is a mechanism for sites to signal that
 they would only be serving a secure transport (read: TLS) to serve
 content from these domains. HSTS is defined in
-[RFC6797](https://tools.ietf.org/html/rfc6797). HSTS is really cool
-considering how easy is to enable it!
+[RFC6797](https://tools.ietf.org/html/rfc6797).
+
+HSTS is easy to enable, and its really cool how much of an impact it
+has to improve security.
 
 So how does it work? The secure version of the site sends an extra HTTP header
 


@@ 24,7 26,7 @@ To an HSTS aware client (i.e all mordern browsers) this means
 
 client can now cache this information, and if you ever get the
 non-secure version of the site - know that someones tampering with the
-site.
+connection.
 
 But max age is only one of the directive, there are more.
 1. `includeSubdomains` directive: Tells your browser that apply the