Browser security

From bibbleWiki
Revision as of 06:14, 4 September 2020 by Iwiseman (talk | contribs) (Definition)

Resources

HTTP Strict Transport Security (HSTS)

Set up Apache HSTS

In Apache 2 000-default.conf

<VirtualHost *:80>
    ServerName example.com
    # Send every plain-HTTP request to the HTTPS site (301) so the browser
    # then receives the HSTS header over a secure connection
    Redirect permanent / https://example.com/
</VirtualHost>

In Apache 2 default-ssl.conf (the Header directive needs mod_headers enabled; "always" applies it to error responses as well)

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

Definition

  • max-age, the period, in seconds, during which the browser must only contact the host over HTTPS and must not make insecure requests
  • includeSubdomains, apply the same policy to all subdomains of the host as well
  • preload, signals that the site may be submitted for inclusion in the browsers' built-in HSTS preload list
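The directives above can be checked mechanically. The following is an added example, not part of this wiki page: a small parser for the Strict-Transport-Security header value following the RFC 6797 grammar (case-insensitive directive names, mandatory max-age, no repeated directives, unknown directives ignored), plus a check of whether the header alone meets the hstspreload.org submission requirements (max-age of at least one year, includeSubDomains and preload all present). The sample header values are constructed; the threshold constant reflects the preload site's published requirement and is an assumption you should confirm against the current form.

```python
"""Parse and assess a Strict-Transport-Security header value (RFC 6797).

Added example for this wiki page; the sample values below are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Minimum max-age accepted by the hstspreload.org form (one year, in seconds).
# Assumption: confirm against the live form before relying on it.
PRELOAD_MIN_MAX_AGE = 31536000


@dataclass
class HstsPolicy:
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool
    problems: List[str] = field(default_factory=list)


def parse_hsts(value: str) -> HstsPolicy:
    """Parse one Strict-Transport-Security header value.

    Directive names are case-insensitive, a directive must not appear twice,
    max-age is mandatory and its value is a non-negative integer (optionally
    quoted). Directives this code does not know are ignored, as RFC 6797 asks.
    Any entry in `problems` means a browser would disregard the whole header.
    """
    seen = set()
    max_age = None
    include_subdomains = False
    preload = False
    problems: List[str] = []

    for raw in value.split(";"):
        token = raw.strip()
        if not token:
            continue  # empty element, e.g. produced by a trailing ';'
        name, _, arg = token.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name in seen:
            problems.append(f"duplicate directive: {name}")
            continue
        seen.add(name)
        if name == "max-age":
            if not arg.isdigit():
                problems.append(f"max-age must be a non-negative integer, got {arg!r}")
            else:
                max_age = int(arg)
        elif name == "includesubdomains":
            if arg:
                problems.append("includeSubDomains takes no value")
            include_subdomains = True
        elif name == "preload":
            if arg:
                problems.append("preload takes no value")
            preload = True
        # any other directive name is permitted and ignored

    if max_age is None and not any(p.startswith("max-age") for p in problems):
        problems.append("max-age directive is required")
    return HstsPolicy(max_age, include_subdomains, preload, problems)


def preload_eligible(policy: HstsPolicy) -> bool:
    """True when the header itself satisfies the preload-list requirements:
    syntactically valid, max-age >= one year, includeSubDomains and preload set.
    (The list additionally requires HTTPS on the base domain and an HTTP->HTTPS
    redirect, which cannot be judged from the header alone.)"""
    return (
        not policy.problems
        and policy.max_age is not None
        and policy.max_age >= PRELOAD_MIN_MAX_AGE
        and policy.include_subdomains
        and policy.preload
    )


if __name__ == "__main__":
    # Constructed sample header values, not captured from any real site.
    for sample in (
        "max-age=63072000; includeSubdomains;",          # the header from this page
        "max-age=31536000; includeSubDomains; preload",  # preload-ready form
        "max-age=300",                                   # valid but very short
        "includeSubDomains",                             # missing max-age
        "max-age=63072000; max-age=0",                   # duplicate directive
    ):
        p = parse_hsts(sample)
        print(f"{sample!r:50} eligible={preload_eligible(p)} problems={p.problems}")
```

Run against the header this page configures, the parser reports a valid policy (two-year max-age, subdomains included) that is not yet preload-eligible because the preload directive is absent; adding `preload` to the Apache `Header` line is what changes that result.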

HTTP Public Key Pinning (HPKP)

Content Security Policy (CSP)

Tools