Todo:
-
HTTP Strict Transport Security
- Strict-Transport-Security: max-age=2592000; includeSubDomains
- "Only access my site and all its subdomains over HTTPS for the next month"
- Start with a smaller max-age to start out with
-
TLS False Start
-
TLS Session Resumption
-
HTTP 301 redirect from http -> https version
- canonical url on the page that is https://mediasite
-
App Manifest - manifest.json
- Don't forget appropriate tags for iOS/Safari and such
-
Don't make a "Thanks for installing me" push notification
- Pointless; you'll have plenty of chances to engage with the user
-
Make notifications timely, precise, and relevant
-
Ask permission in context
-
Be awesome!
-
g.co/WebPushNotifications