After many years of jrock.us being served over HTTPS, I finally remembered to enable HTTP Strict Transport Security. There was never any reason not to – all traffic to any website or app at jrock.us goes through my reverse proxy, and it’s served with a wildcard *.jrock.us certficiate. If it doesn’t go through my reverse proxy, that’s a bug, and should be fixed. Several days after making this change, I closed my GMail tab, and typed mail.