Difference between revisions of "HTTP Strict Transport Security (HSTS)"
Jump to navigation
Jump to search
| (9 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | [[wikipedia:HTTP Strict Transport Security]] (HSTS) is a web security '''policy mechanism''' that helps to protect websites against protocol downgrade attacks and [[cookie hijacking]]. | + | [[wikipedia:HTTP Strict Transport Security]] (HSTS) ([[2012]]) is a web security '''policy mechanism''' that helps to protect websites against protocol downgrade attacks and [[cookie hijacking]]. |
| + | <code>Strict-Transport-Security: max-age=31536000; includeSubDomains</code> | ||
| + | |||
| + | |||
| + | |||
| + | == Related terms == | ||
| + | * Read: https://security.googleblog.com/2017/09/broadening-hsts-to-secure-more-of-web.html | ||
| + | * [[Clickjacking]] | ||
| + | * [[CORS]] | ||
| + | * [[your connection is not private]] | ||
| + | * [[ingress-nginx-controller]] | ||
== See also == | == See also == | ||
| + | * {{HSTS}} | ||
* {{HTTPS}} | * {{HTTPS}} | ||
| + | * {{CA}} | ||
[[Category:Web]] | [[Category:Web]] | ||
[[Category:Security]] | [[Category:Security]] | ||
Latest revision as of 11:49, 6 February 2024
wikipedia:HTTP Strict Transport Security (HSTS) (2012) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking.
Strict-Transport-Security: max-age=31536000; includeSubDomains
Related terms[edit]
- Read: https://security.googleblog.com/2017/09/broadening-hsts-to-secure-more-of-web.html
- Clickjacking
- CORS
- your connection is not private
- ingress-nginx-controller
See also[edit]
- HSTS, CORS, Clickjacking, cookie hijacking
- HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL,
openSSL, WebSockets, WebRTC,ssl_certificateQUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers,--insecure, Axios HTTP client, HTTP cookies, HTTP ETag - CA, FreeIPA, PKI, OpenCA, Wildcard certificate,
certtool,certbot(Let's Encrypt),certinfo(Cloudflare), ACME, Boulder,cfssl(Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN),openssl ca, Self signed certificate, CSR,keytool, ACM, KMS,aws acm, IdenTrust, multirootca, cert-manager
Advertising:
