-
Cloudsec report: https://github.com/mozilla-services/cloudsec/wiki/Latest-shavar.services.mozilla.com
MDN article: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Securit…
-
## Environment & Version
### Environment
- [x] docker compose
- [ ] kubernetes
- [ ] docker swarm
### Version
- Version: 2.0
## Description
Currently Mailu adds `Strict-Transport-Sec…
-
Issue Level: Moderate
First Discovered: 1/22/2022
Remediation Date: 4/22/2022
-
The web servers for badgr-dev2.edubadges.nl do not respond with an HTTP Strict-Transport-Security header. This means there isn't a Strict Transport Security policy in place.
-
For increasing security I recommend to enable HTST. See https://www.owasp.org/index.php/HTTP_Strict_Transport_Security or https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_se…
deepj updated
8 years ago
-
Which browsers support HSTS preload? Basically which browsers have enabled HSTS without most visitors who type in the address (without protocol) visiting the website once first on a secure connection.…
-
standup should implement HTTP Strict Transport Security to disable HTTP traffic
This should be done after HTTPS has been proven to work well, starting with a relatively low TTL, then increasing the TT…
-
Implemented in vimb2 already. The code [1] can be used as a reference.
[1] https://github.com/fanglingsu/vimb/blob/master/src/setting.c#L889
[2] https://github.com/fanglingsu/vimb/blob/master/src/…
-
Please support HSTS in chartmuseum. This is necessary for us to meet the security compliance requirements.
Ref: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTTP_Strict_Transpo…
-
Issue Level: Moderate
First Discovered: 1/22/2022
Remediation Date: 4/22/2022