More edits to the HSTS post.
parent c82f35abc7
commit 3d52fb8e36
@ -9,8 +9,10 @@ tags: hsts, security, privacy
 HTTP Strict Transport Secrity is a mechanism for sites to signal that
 they would only be serving a secure transport (read: TLS) to serve
 content from these domains. HSTS is defined in
-[RFC6797](https://tools.ietf.org/html/rfc6797). HSTS is really cool
-considering how easy is to enable it!
+[RFC6797](https://tools.ietf.org/html/rfc6797).
+
+HSTS is easy to enable, and its really cool how much of an impact it
+has to improve security.
 
 So how does it work? The secure version of the site sends an extra HTTP header
 
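Review bot: the added sentence on the two `+` lines has a spelling slip and an awkward construction: "its really cool how much of an impact it has to improve security" needs "it's", and "has to improve" reads as an obligation rather than an effect. Suggest "HSTS is easy to enable, and it's remarkable how much it does to improve security." While this paragraph is being edited, the first context line, "HTTP Strict Transport Secrity is a mechanism for sites to signal that", still misspells "Security"; since the commit is titled "More edits", that fix belongs here too.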
||||||
@ -24,7 +26,7 @@ To an HSTS aware client (i.e all mordern browsers) this means
 
 client can now cache this information, and if you ever get the
 non-secure version of the site - know that someones tampering with the
-site.
+connection.
 
 But max age is only one of the directive, there are more.
 1. `includeSubdomains` directive: Tells your browser that apply the
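Review bot: two grammar slips survive in this hunk's context lines: "know that someones tampering with the" should read "someone's", and "only one of the directive" should be "one of the directives". The `-site.` / `+connection.` swap itself is the right correction, since what an HSTS-aware client detects is interference with the transport, not a modified site. On the last context line, the directive is spelled `includeSubDomains` in RFC 6797; directive names are matched case-insensitively, but the post should use the RFC's spelling so readers can find it in the specification.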