-
### What problem are you facing?
Notesnook domain should be enabled for pre-loading on HSTS :
https://datatracker.ietf.org/doc/html/rfc6797
It's an additional, basic security measure that's fast…
-
[Example deafsluitdijk.nl](https://internet.nl/site/deafsluitdijk.nl/2186111/#control-panel-10)
```none
Strict-Transport-Security: : max-age=31536000; IncludeSubDomains
```
Note the extra `:`, I c…
-
See https://discourse.ros.org/t/enforce-https-on-ros-wiki/4439
Related issues:
* #272
* #263
* #250
dhood updated
4 years ago
-
If I query:
https://observatory.mozilla.org/analyze.html?host=bugzilla.mozilla.org
It will tell me that it's preloaded. However, if I make that same API request like so:
https://observatory.mozill…
april updated
8 years ago
-
I don't think HSTS gets cleared when you clear cookies or storage in browsers today. And I don't think it should given that it opens the user up to attacks.
If we're saying HSTS should be part of O…
-
https://hstspreload.org/ is using HTTPS, but is not using the full protection of HSTS preloading:
- https://scotthelme.co.uk/hsts-the-missing-link-in-tls/?ref=scotthelme.co.uk
- https://scotthelme…
-
Spoke with @lgarron, the brains behind devtools security panel to better understand a comprehensive view of security testing.
### HTTPS redirect.
Because of HSTS, we cannot fully trust this brows…
-
* First set up some basic functionality and test increasing the max-age in the Strict-Transport-Security header.
* Add the site here after following the requirements: https://hstspreload.org/
-
Which browsers support HSTS preload? Basically which browsers have enabled HSTS without most visitors who type in the address (without protocol) visiting the website once first on a secure connection.…
-
https://drive.google.com/drive/folders/1BHO0cG7YaMluNvYFI2oJFtElKmlNIzjB
Report Name: Production - https:/smartpay-889-prod.app.cloud.gov/ - January 2024