HSTS docs include both requiring HTTPS and setting HSTS

[danyork]

Noting that the two HSTS docs for Apache and NGINX:

https://github.com/InternetSociety/ose-documentation/blob/master/ose-web-hsts-apache.md
https://github.com/InternetSociety/ose-documentation/blob/master/ose-web-hsts-nginx.md

include BOTH setting the HSTS header AND ensuring that ALL connections are made over HTTPS. Setting the HSTS header is simply one line in the config file. It would be good to break these apart more clearly.

[eduardodiazrivera]

I recommend than instead of giving us a recipe to follow (which does not apply to host services by the way) to set-up these parameter, you explain in more details about what HTTPS and HTSP are and the reason that you suggest that we do this. In other words, why one makes it more secured that the other? Advantages/Disadvantages?

…

-ed

On Mon, May 4, 2020 at 11:17 PM Dan York ***@***.***> wrote: Noting that the two HSTS docs for Apache and NGINX: https://github.com/InternetSociety/ose-documentation/blob/master/ose-web-hsts-apache.md https://github.com/InternetSociety/ose-documentation/blob/master/ose-web-hsts-nginx.md include BOTH setting the HSTS header AND ensuring that ALL connections are made over HTTPS. Setting the HSTS header is simply one line in the config file. It would be good to break these apart more clearly. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#6>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAOCH5L2WBRBQVNC6BWBRJLRP6AOLANCNFSM4MZHNGCQ> .

-- *NOTICE:* This email may contain information which is confidential and/or subject to legal privilege, and is intended for the use of the named addressee only. If you are not the intended recipient, you must not use, disclose or copy any part of this email. If you have received this email by mistake, please notify the sender and delete this message immediately.