-
Would it be appropriate to remove all data with the `HSTS` feature code?
ie. https://pelias.github.io/compare/#/v1/place?ids=geonames%3Avenue%3A7874625
```
HSTS | historical site | a place of his…
-
RFC 6797 support
-
**Missing_HSTS_Header** issue exists @ **LessonSource.java** in branch **master**
*The web-application does not define an HSTS header, leaving it vulnerable to attack.Similarity ID: -1024170121*
…
-
transport_security_state_static.json includes entries that are not considered by Google to be HSTS. The ones that are will have the property "mode" with the value "force-https". Only these entries sho…
-
While the ASP.NET repository comes with all required infrastructure to support a web application to emit HTTP Strict Transport Security (HSTS) headers that browsers can use to adhere to [the applicabl…
-
Opening a new issue, forking #407 since I initially thought it was the same but mine is different it looks like.
I need to set "NEXTAUTH_URL" to a reverse proxied full domain name using HSTS with a L…
-
Currently, the default value for HTTP Strict Transport Security (HSTS) max-age is set to 30 days.
https://github.com/dotnet/aspnetcore/blob/410efd482f494d1ab05ce25b932b5788699c2308/src/Middleware/Htt…
ghost updated
7 months ago
-
https://hstspreload.org/ is using HTTPS, but is not using the full protection of HSTS preloading:
- https://scotthelme.co.uk/hsts-the-missing-link-in-tls/?ref=scotthelme.co.uk
- https://scotthelme…
-
Routes could be configured to return the HSTS header by using the `hsts` field. The format was:
```
environments:
main:
routes:
- nginx:
- "www.example.com":
h…
-
So, I implemented HSTS and got approved on hstspreload.org, but I can't seem to get my last +5 for 135/135 score.
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload
At fir…