Browser security: Difference between revisions
Latest revision as of 06:14, 4 September 2020
Resources
- https://caniuse.com/ great for seeing usage across browsers
HTTP Strict Transport Security (HSTS)
Set up Apache HSTS
In Apache 2 000-default.conf
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
In Apache 2 default-ssl.conf
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
Definition
- max-age: the period, in seconds, during which the browser will not make insecure (HTTP) requests to the site
- includeSubdomains: apply the policy to the site's subdomains as well
- preload: used to have your site submitted for HSTS preloading
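The directives above can be checked mechanically. The following is an added example, not part of the original wiki page: a small parser and audit for a Strict-Transport-Security value, following the parsing rules of RFC 6797 section 6.1. The names parse_hsts and audit_hsts are hypothetical, and the one-year minimum used for the preload check is the requirement published by hstspreload.org.

```python
import re

# Constructed sample: the value set in default-ssl.conf above.
PAGE_HEADER = "max-age=63072000; includeSubdomains;"
PRELOAD_MIN_AGE = 31536000  # one year, the hstspreload.org minimum (assumption)


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1).

    Returns a dict keyed by lower-cased directive name, or None when a
    browser would ignore the header (duplicate directive, bad max-age).
    Simplification: a ';' inside a quoted string is not handled.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                  # empty directives (trailing ';') are legal
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()   # directive names are case-insensitive
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]           # quoted-string form, e.g. max-age="300"
        if name in directives:
            return None               # each directive may appear only once
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                   # max-age is required and must be digits
    directives["max-age"] = int(directives["max-age"])
    return directives


def audit_hsts(value):
    """Return a list of findings for one header value; empty means none."""
    policy = parse_hsts(value)
    if policy is None:
        return ["invalid header: browsers ignore it"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("max-age=0 removes the host from the browser's HSTS list")
    if "includesubdomains" not in policy:
        findings.append("subdomains are not covered")
    if "preload" in policy and (policy["max-age"] < PRELOAD_MIN_AGE
                                or "includesubdomains" not in policy):
        findings.append("preload set but preload-list requirements not met")
    return findings


if __name__ == "__main__":
    print(parse_hsts(PAGE_HEADER), audit_hsts(PAGE_HEADER))
```

The page's header parses cleanly, trailing semicolon included, and covers subdomains; it carries no preload directive, so the preload check does not apply to it.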