Browser security: Difference between revisions

From bibbleWiki
Jump to navigation Jump to search
← Older editNewer edit →
VisualWikitext
Line 14: Line 14:
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
</syntaxhighlight>
</syntaxhighlight>
==Definition==
*max-age, the period for which insecure requests cannot be made, units in seconds
*includeSubdomains,


=HTTP Public Key Pinning (HPKP)=
=HTTP Public Key Pinning (HPKP)=

Revision as of 06:06, 4 September 2020

Resources

HTTP Strict Transport Security (HSTS)

Set up Apache HSTS

In Apache 2 000-default.conf 

<VirtualHost *:80> 
ServerName example.com 
Redirect permanent / https://example.com/
</VirtualHost>

In Apache 2 default-ssl.conf 

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

Definition

  • max-age, the period for which insecure requests cannot be made, units in seconds
  • includeSubdomains,

HTTP Public Key Pinning (HPKP)

Content Security Policy (CSP)

Tools

Retrieved from "https://www.bibble.co.nz/mediawiki/index.php?title=Browser_security&oldid=1915"