From ffbbb4311039cdbb4d45695f378b27314a170dcd Mon Sep 17 00:00:00 2001
From: Roman-Nopantski
Date: Fri, 24 Feb 2017 01:34:25 +1300
Subject: [PATCH] add 1219 ref links
---
user.js | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/user.js b/user.js
index c67cb43..6751fb3 100644
--- a/user.js
+++ b/user.js
@@ -659,7 +659,8 @@ user_pref("security.mixed_content.block_active_content", true);
 user_pref("security.mixed_content.send_hsts_priming", false);
 user_pref("security.mixed_content.use_hsts", false);
 // 1219: enforce HSTS preload list (default is true)
- // recommended left at default, unless you fully understand the risks and trade-offs
+ // https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
+ // https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
 user_pref("network.stricttransportsecurity.preloadlist", true);
 // 1220: disable intermediate certificate caching (fingerprinting attack vector)
 // NOTE: This may be better handled under FPI (ticket 1323644, part of Tor Uplift)
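Review bot: The 1219 comment block now holds only two URLs, so once the removed "recommended left at default" line is gone nothing in the file itself says why `network.stricttransportsecurity.preloadlist` should stay `true`. The preload list is what makes the first connection to a listed host HTTPS-only, before any HSTS header has been received, so a user who flips it to `false` gives up that first-visit downgrade protection. I would keep a one-line rationale above the links, for example `// leave at default: the preload list enforces HTTPS on first contact with listed hosts, before any HSTS header is seen`. External links can move or disappear, and someone auditing the prefs offline should not need them to understand what the setting protects.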