Difference between revisions of "HTTP Strict Transport Security (HSTS)"
Jump to navigation
Jump to search
Line 13: | Line 13: | ||
* [[your connection is not private]] | * [[your connection is not private]] | ||
* [[ingress-nginx-controller]] | * [[ingress-nginx-controller]] | ||
+ | * [[Content-Security-Policy (CSP)]] | ||
== See also == | == See also == |
Latest revision as of 10:26, 11 August 2024
wikipedia:HTTP Strict Transport Security (HSTS) (2012) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking.
Strict-Transport-Security: max-age=31536000; includeSubDomains
Related terms[edit]
- Read: https://security.googleblog.com/2017/09/broadening-hsts-to-secure-more-of-web.html
- Clickjacking
- CORS
- your connection is not private
- ingress-nginx-controller
- Content-Security-Policy (CSP)
See also[edit]
- HSTS, CORS, Clickjacking, cookie hijacking
- HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL,
openSSL
, WebSockets, WebRTC,ssl_certificate
QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers,--insecure
, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1 - CA, Root Certificates, FreeIPA, PKI, OpenCA, Wildcard certificate,
certtool
,certbot
(Let's Encrypt),certinfo
(Cloudflare), ACME, Boulder,cfssl
(Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN),openssl ca
, Self signed certificate, CSR,keytool
, ACM, KMS,aws acm
, IdenTrust, multirootca, cert-manager, ca_cert_identifier
Advertising: