Difference between revisions of "HTTP Strict Transport Security (HSTS)"
Jump to navigation
Jump to search
| (5 intermediate revisions by the same user not shown) | |||
| Line 10: | Line 10: | ||
* Read: https://security.googleblog.com/2017/09/broadening-hsts-to-secure-more-of-web.html | * Read: https://security.googleblog.com/2017/09/broadening-hsts-to-secure-more-of-web.html | ||
* [[Clickjacking]] | * [[Clickjacking]] | ||
| + | * [[CORS]] | ||
| + | * [[your connection is not private]] | ||
| + | * [[ingress-nginx-controller]] | ||
| + | * [[Content-Security-Policy (CSP)]] | ||
== See also == | == See also == | ||
| + | * {{HSTS}} | ||
* {{HTTPS}} | * {{HTTPS}} | ||
* {{CA}} | * {{CA}} | ||
Latest revision as of 10:26, 11 August 2024
wikipedia:HTTP Strict Transport Security (HSTS) (2012) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking.
Strict-Transport-Security: max-age=31536000; includeSubDomains
Related terms[edit]
- Read: https://security.googleblog.com/2017/09/broadening-hsts-to-secure-more-of-web.html
- Clickjacking
- CORS
- your connection is not private
- ingress-nginx-controller
- Content-Security-Policy (CSP)
See also[edit]
- HSTS, CORS, Clickjacking, cookie hijacking
- HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL,
openSSL, WebSockets, WebRTC,ssl_certificateQUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers,--insecure, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1 - CA, Root Certificates, FreeIPA, PKI, OpenCA, Wildcard certificate,
certtool,certbot(Let's Encrypt),certinfo(Cloudflare), ACME, Boulder,cfssl(Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN),openssl ca, Self signed certificate, CSR,keytool, ACM, KMS,aws acm, IdenTrust, multirootca, cert-manager, ca_cert_identifier
Advertising:
