USPSOIG.gov HTTP Secure Transport Security/HSTS Preload
By Natasha L. - http://www.lupinia.net/
Posted:  February 19, 2016  15:39:12 | 170 words
========================

  - *URL:* [Chromium HSTS Preload List](https://cs.chromium.org/chromium/src/net/http/transport_security_state_static.json)
  - *Started:* December 2014
  - *Deployed:* January 2015
  - *Role:* DevOps Engineer
  - *Tech:* IIS
  - *Press:*
    - [Washington Post](https://www.washingtonpost.com/news/the-switch/wp/2015/02/11/your-browser-may-soon-force-you-to-connect-securely-to-some-u-s-government-web-sites/ "Washington Post:  'Your browser may soon force you to connect securely to some U.S. government Web sites'")
    - [18F Press Release](https://18f.gsa.gov/2015/02/09/the-first-gov-domains-hardcoded-into-your-browser-as-all-https/ "18F Press Release:  'The first .gov domains hardcoded into your browser as all-HTTPS'")
    - [USA.gov Blog Post](https://sites.usa.gov/blog/2016/08/09/more-info-on-https-move/ "USA.gov Blog Post:  'More Info on HSTS Move'")



In winter 2014, the USPSOIG was contacted by the [18F](https://18f.gsa.gov/) division of the GSA, inviting us to be among the first .gov domains to be hard-coded into the HSTS Preload List, as part of a kick-off initiative to get other agencies to follow suit. We agreed, and I was tapped to do the actual implementation. Ultimately, it wasn't very complex, but the testing involved was extensive, since we had to ensure that all of our subdomains (including internal resources) were ready. And I particularly enjoyed working with 18F; they're a great agency doing excellent work!

  
  



========================
(c) 2016 Natasha L.
Original version and further downloads available at https://lupinia.us/code/uspsoig/hsts.htm