Difference between revisions of "HTTP Strict Transport Security (HSTS)"
(10 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | [[wikipedia:HTTP Strict Transport Security]] (HSTS) is a web security '''policy mechanism''' that helps to protect websites against protocol downgrade attacks and [[cookie hijacking]]. | + | [[wikipedia:HTTP Strict Transport Security]] (HSTS) ([[2012]]) is a web security '''policy mechanism''' that helps to protect websites against protocol downgrade attacks and [[cookie hijacking]]. |
+ | <code>Strict-Transport-Security: max-age=31536000; includeSubDomains</code> | ||
+ | |||
+ | |||
+ | |||
+ | == Related terms == | ||
+ | * Read: https://security.googleblog.com/2017/09/broadening-hsts-to-secure-more-of-web.html | ||
+ | * [[Clickjacking]] | ||
+ | * [[CORS]] | ||
+ | * [[your connection is not private]] | ||
+ | * [[ingress-nginx-controller]] | ||
+ | * [[Content-Security-Policy (CSP)]] | ||
== See also == | == See also == | ||
+ | * {{HSTS}} | ||
* {{HTTPS}} | * {{HTTPS}} | ||
+ | * {{CA}} | ||
[[Category:Web]] | [[Category:Web]] | ||
[[Category:Security]] | [[Category:Security]] |
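Review bot: the added `Strict-Transport-Security: max-age=31536000; includeSubDomains` line is shown with no explanation of either directive. Add a sentence stating that max-age is a lifetime in seconds (31536000 is 365 days) and that includeSubDomains extends the policy to every subdomain of the host, so a reader copying the line knows it commits all subdomains to HTTPS for that period. The bare `([[2012]])` inserted into the first sentence does not say what the year refers to and should name the event. In the list under `== Related terms ==`, the `Read:` URL is a reference rather than a term and would fit better under See also. The three empty added lines before that heading can be dropped, and `{{HSTS}}` under See also is being added to the HSTS page itself, so check that the template does not just link back here.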
Latest revision as of 10:26, 11 August 2024
HTTP Strict Transport Security (HSTS) (2012) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking.
Strict-Transport-Security: max-age=31536000; includeSubDomains
Related terms
- Read: https://security.googleblog.com/2017/09/broadening-hsts-to-secure-more-of-web.html
- Clickjacking
- CORS
- your connection is not private
- ingress-nginx-controller
- Content-Security-Policy (CSP)
See also
- HSTS, CORS, Clickjacking, cookie hijacking
- HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL, openSSL, WebSockets, WebRTC, ssl_certificate, QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers, --insecure, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1
- CA, Root Certificates, FreeIPA, PKI, OpenCA, Wildcard certificate, certtool, certbot (Let's Encrypt), certinfo (Cloudflare), ACME, Boulder, cfssl (Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN), openssl ca, Self signed certificate, CSR, keytool, ACM, KMS, aws acm, IdenTrust, multirootca, cert-manager, ca_cert_identifier