vulnerability

Stories From An IT Security Professional

vulnerability.ch now HSTS preloaded

As of September 8th, 2015 this website has been added to the HSTS preloading list of Google Chrome. I expect Firefox to follow soon. Being on the list means the browser already knows the site is HTTPS-only before it ever talks to it, so every connection is upgraded to HTTPS before it leaves your browser, even when you type http://vulnerability.ch.

You can check HSTS-Settings in Chrome under: chrome://net-internals/#hsts

How to add your site to the list

  • Send the following header on every HTTPS response (all three parts are required for preloading: a long max-age, includeSubDomains and preload)
    Strict-Transport-Security: max-age=31415926; includeSubDomains; preload
  • Submit your site at “HSTS Preload Submission” and wait. Note that the submission form today requires a max-age of at least one year (31536000 seconds), so a value like 31415926 above is slightly too short for a new submission; 63072000 (two years) is a common choice.

In Apache’s httpd (with mod_headers enabled) you can for example add this line to your .htaccess file (on a shared server) or to your httpd.conf / virtual host (private server). The env=HTTPS condition keeps the header off plain-HTTP responses, where browsers would ignore it anyway:

Header set Strict-Transport-Security "max-age=31415926; includeSubDomains; preload" env=HTTPS

HSTS also removes the option of clicking through a certificate warning on such a site: Chrome treats a certificate error on an HSTS host as fatal and no longer offers a “proceed anyway” bypass, so a broken or forged certificate cannot be accepted by the user.

