Browser security
Jump to navigation
Jump to search
Resources
- https://caniuse.com/ great for seeing usage across browsers
HTTP Strict Transport Security (HSTS)
Set up Apache HSTS
In Apache 2 000-default.conf
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
In Apache 2 default-ssl.conf
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
Definition
- max-age, the period for which insecure requests cannot be made, units in seconds
- includeSubdomains, include subdomains
- preload, this is used to have your site submitted for preload