It's also useful to set hsts for the whole domain.
I'm opinionated enough to say if you type http://example.org/foo, I'm just going to redirect that to https://www.example.org/ but reasonable people could disagree (especially since Chrome has been going back and forth on displaying the actual URL and something that's vaguely similar to it)
I'm opinionated enough to say if you type http://example.org/foo, I'm just going to redirect that to https://www.example.org/ but reasonable people could disagree (especially since Chrome has been going back and forth on displaying the actual URL and something that's vaguely similar to it)