-
To increase security, I recommend enabling HSTS. See https://www.owasp.org/index.php/HTTP_Strict_Transport_Security or https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_se…
deepj updated
8 years ago
-
Issue Level: Moderate
First Discovered: 1/22/2022
Remediation Date: 4/22/2022
-
Trying https://fowardemail.net, there is a 302 redirect to `https://forwardemail.net/` (e.g. https://forwardemail.net/en) where the HSTS header is present
>Strict-Transport-Security: max-age=31557600; inc…
-
I've been trying to set up HSTS headers on my pod, following the advice on [https://hstspreload.org/](https://hstspreload.org/) for setting up and testing HSTS preloading. But after lots of explorati…
-
drHEADer version: 1.7.0
DrHEADer supports evaluating HSTS (Strict-Transport-Security). For this header, the value "max-age" is needed. As soon as the max-age is not exactly equal to the value from…
-
Report Name: Production - https://smartpay.gsa.gov/ - January 2024
https://drive.google.com/drive/folders/1BHO0cG7YaMluNvYFI2oJFtElKmlNIzjB
-
Because it also affects Threema Web, I thought to create the issue here.
Please add the `preload` and `includeSubdomains` directives on all Threema websites.
Then, when you have met all requiremen…
-
In your nginx/etc server config can you add:
`add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";`
This will prevent TLS downgrades when browsing slimerjs.org
-
After some time we should revisit our changes from #225 and add `preload` directive as well as increasing `max-age` to 3 months.
-
Hello,
please explain what "Static Public Key Pinning" is:
https://www.ssllabs.com/ssltest/analyze.html?d=dns.google&s=8.8.8.8&hideResults=on
I know what Public Key Pinning (HPKP) is, but not "…
ammnt updated
3 years ago