  • Strict Transport Security - max_age value (July 23)

    I've been wondering what max-age the HTTP Strict Transport Security header should have. Both PayPal and LastPass sites leave it very low: 500 (seconds = a bit over 8 minutes); market.android.com has it set much higher: 2592000 (seconds = 30 days). Do I

  • Enable HTTP Strict Transport Security (HSTS) in IIS 7 (August 13)

    What is the best way to turn on HTTP Strict Transport Security on an IIS 7 web server? Can I just go through the GUI and add the proper HTTP response header, or should I be using appcmd, and if so, what switches? --------------Solutions------------- IIS ha

  • Is HSTS (Strict-Transport-Security header) for HTTP or HTTPS? (November 10)

    Is the Strict-Transport-Security header intended for HTTP or HTTPS? What I mean is, do I respond with this header on a HTTP connection which in turn tells the browser to use HTTPS only from that point on? Or, is this header only used on a HTTPS respo

  • http strict transport security on apache (December 5)

    I could not find one topic on HSTS here on askubuntu.com yet, so here it comes: I want to set up HSTS so that my webserver will force the browsers to use HTTPS. Does anyone know how to set this up for apache2 in a proper way? --------------Solutions---

  • Enable HTTP Strict Transport Security (September 23)

    Hello, I just updated my OwnCloud installation to the newest version 8.1 and the admin panel warns me that Code: The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recomm

  • Implementing HTTP Strict-Transport-Security via MVC action filter (April 27)

    HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header that browser will prevent any communications fr

  • Strict-Transport-Security on CloudFront with S3 origin? (September 22)

    My company's site has a static homepage for speed and cost reasons. We use S3 as the origin for CloudFront. Now, we would like to declare Strict-Transport-Security for the entire domain, but S3 seems to not send any headers we specify (beyond ones st

  • Strict-Transport-Security header set, but Firefox and Chrome still using HTTP (February 15)

    My website makes use of Universal SSL from CloudFlare and I would like to have the browser redirect to HTTPS automatically. However, as not all browsers support the type of SSL CloudFlare uses, I don't want to outright force SSL. So HSTS seems to be

  • Is Strict-Transport-Security HTTP header name case-sensitive? (May 26)

    I'm digging into the HTTP Strict-Transport-Security specification, https://tools.ietf.org/html/rfc6797 It specifies the syntax of the header like this: Strict-Transport-Security: max-age=15768000 ; includeSubDomains The RFC specifies that directive n

  • HTTP Strict Transport Security (HSTS), Azure and HTTP Strict Transport Security IIS Module (June 9)

    Question: How do you properly install and configure HTTP Strict Transport Security (HSTS) in an Azure website? Apparently for IIS the method to use is to install this module: http://hstsiis.codeplex.com/ The problem is that, according to the document

  • In practice, is it safe to set Strict-Transport-Security header on non-SSL requests? (December 18)

    Section 7.2 of RFC 6797 states: An HSTS Host MUST NOT include the STS header field in HTTP responses conveyed over non-secure transport. In practice, I have a lot of hosts that are behind an Amazon load balancer that where requests from ports 443 and

  • HSTS Strict Transport Security: Include base domain (January 7)

    I configured my Apache webserver to use HSTS Strict Transport Security. If my domain is example.com, most people visit my website over the subdomain www.example.com. Hence, Strict Transport Security is only required for www.example.com and its subdom

  • Does HSTS HTTP Strict-Transport-Security have to be sent with any response file? (February 7)

    I have to add security measures to a website running a Tomcat 6 application server. One of it is adding the HTTP Strict-Transport-Policy Header. I did this by adding a filter which is in turn adding this header to any response. But there is static co

  • What is the status of forced HTTPS everywhere (Strict transport security) via DNS? I only see the July 2010 draft (October 25)

    I'm trying to find the most recent RFC on HSTS in DNS (or rather said DNSSEC), but can only find this year-old one in expired draft status. Where can I find the most current guidance on STS in DNS? If it's not available yet, how can I keep informed of

  • CloudFlare and Avast strict transport (August 10)

    This weekend, we started using CloudFlare*. One of our users is reporting that Avast, the anti-virus software, has blocked our site due to a certificate error. Presumably this is because our certificate has changed -- we are now using the certificate

  • How critical is App Transport Security? (September 14)

    As we've probably all heard, App Transport Security in iOS 9 requires: TLS 1.2 or better; Forward secrecy ciphers; SHA256 or better with >= 2048-bit RSA or >= 256-bit ECC key. Google and Facebook both request that developers turn off App Transport Secu

  • Getting App Transport Security problems (January 22)

    Hey, I'm getting this error: App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file. When trying to fetch an image from the web, I know th

  • How to stop App Transport Security error in rspec/capybara (January 27)

    I am using rails with rspec and capybara. One of my tests gives the following message 2016-01-28 08:56:07.805 webkit_server[31376:18902667] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temp

  • Opting out the App Transport Security feature in iOS application (February 2)

    Starting from iOS 9 SDKs, Apple introduced a security feature called App Transport Security which is enabled by default. The system fails when it attempts to connect to insecure HTTP. For now we have opted out of this feature by setting the value of "Ap

  • iOS app communicating with https only and Apple Transport Security Impact (February 3)

    My question is related to Apple Transport Security (ATS) and its impact on my configuration. I am confused as to what happens if I don't comply with it. I have an iOS app, which communicates with a server and an API that enforces only https connecti

