Resources

• https://caniuse.com/ great for seeing usage across browsers

HSTS HTTP Strict Transport Security

Set up Apache HSTS

In Apache 2 000-default.conf

<VirtualHost *:80> 
ServerName example.com 
Redirect permanent / https://example.com/
</VirtualHost>

In Apache 2 default-ssl.conf

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

HPKP HTTP Public Key Pinning

CSP Content Security Policy

Tools