-
We enabled HSTS around 2024-08-29 but now (2024-10-10) it is no longer working. The header is no longer sent. This applies to both the `*.azurewebsites.net` domain and our custom domain.
We have made…
-
Some websites employ HSTS and therefore cannot be reliably used for mimicking. The scanner would benefit from checking domains against the HSTS lists.
-
```
HSTS subdomain overwrites parent cache entry
============================================
Project curl Security Advisory, November 6th 2024 -
[Permalink](https://curl.se/docs/CVE-2024-9681.h…
```
-
• Description: Missing HSTS and X-Content-Type-Options headers could expose the application to man-in-the-middle attacks and content injection. Additionally, an outdated JavaScript library (Bootstrap)…
-
**Issue Summary**
Our Flask application currently does not set the Strict-Transport-Security (HSTS) header, which results in a security warning. The absence of this header means that browsers do no…
-
May I ask which RESIDE dataset you used in setting2, ITS, OTS, SOTS or HSTS? Thank you
-
**Is your feature request related to a problem? Please describe.**
I don't use authentik through reverse proxy, as it adds some extra complication, and it was easier to run it in a VM with its own IP…
-
While the ASP.NET repository comes with all required infrastructure to support a web application to emit HTTP Strict Transport Security (HSTS) headers that browsers can use to adhere to [the applicabl…
-
### Platforms
all
### Description
Allowing HSTS to operate on localhost can be confusing for devs. We could consider adding a flag to make localhost an exception so that HSTS doesn't work there.
-
RFC: https://datatracker.ietf.org/doc/html/rfc6797
Any idea of a configuration directive specifying HSTS for an app in a TOML file?