Browser security: Difference between revisions

From bibbleWiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
 
(One intermediate revision by the same user not shown)
Line 14: Line 14:
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
</syntaxhighlight>
</syntaxhighlight>
==Definition==
*max-age, the period for which insecure requests cannot be made, units in seconds
*includeSubdomains, include subdomains
*preload, this is used to have your site submitted for preload


=HTTP Public Key Pinning (HPKP)=
=HTTP Public Key Pinning (HPKP)=

Latest revision as of 06:14, 4 September 2020

Resources

HTTP Strict Transport Security (HSTS)

Set up Apache HSTS

In Apache 2 000-default.conf 

<VirtualHost *:80> 
ServerName example.com 
Redirect permanent / https://example.com/
</VirtualHost>

In Apache 2 default-ssl.conf 

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

Definition

  • max-age, the period for which insecure requests cannot be made, units in seconds
  • includeSubdomains, include subdomains
  • preload, this is used to have your site submitted for preload

HTTP Public Key Pinning (HPKP)

Content Security Policy (CSP)

Tools

Retrieved from "https://www.bibble.co.nz/mediawiki/index.php?title=Browser_security&oldid=1916"