samyk / evercookie

Produces persistent, respawning "super" cookies in a browser, abusing over a dozen techniques. Its goal is to identify users after they've removed standard cookies and other privacy data such as Flash cookies (LSOs), HTML5 storage, SilverLight storage, and others.
https://samy.pl/evercookie/

HSTS Cookie #133

Open Frige1 opened 5 years ago

Frige1 commented 5 years ago

Hey, maybe I misunderstand, but can someone explain to me the usage of the HSTS cookie?

Options: hsts: true, hsts_domains: ['/php/hsts_cookie.php','',''], for example a 4?

Or how do I have to set up the domains? What do I have to do for the hsts_domains[]?

SleepProgger commented 4 years ago

A year later, but hey, better than never: hsts_domains needs to be an array containing the paths to multiple URLs to /php/hsts_cookie.php or an equivalent server-side script, each on its own domain. I.e. something like ['http://hsts1.foo.com/hsts_cookie.php', 'http://hsts2.foo.com/hsts_cookie.php', 'http://hsts3.foo.com/hsts_cookie.php', ....]

Each domain can store one bit of information. So if you want to store a 32-bit integer you'd need 32 domains, or a wildcard domain. (Nowadays easy to get from Let's Encrypt.)
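
A small offline model of the one-bit-per-domain scheme described in the reply above, added here as an illustration and not taken from evercookie's own code. `HstsStore`, the `tracker.example` hostnames and the sibling-count heuristic are assumptions made for the example; it also shows the stored value disappearing once the browser's HSTS state is cleared.

```javascript
// Model of a browser's HSTS store: the set of hosts pinned to HTTPS.
class HstsStore {
  constructor() { this.pinned = new Set(); }
  // An HTTPS response carrying Strict-Transport-Security pins the host.
  visitHttpsWithSts(host) { this.pinned.add(host); }
  // Scheme the browser actually uses when a page requests http://host/.
  schemeFor(host) { return this.pinned.has(host) ? 'https' : 'http'; }
  // What "clear site data / forget this site" does to the HSTS state.
  clear() { this.pinned.clear(); }
}

// Constructed hostnames, one per bit (hsts0.tracker.example ... hsts7.tracker.example).
const bitHosts = Array.from({ length: 8 }, (_, i) => `hsts${i}.tracker.example`);

// Write: only the hosts whose bit is 1 get pinned; 0 bits are left untouched.
function writeId(store, id, hosts) {
  hosts.forEach((h, i) => { if ((id >>> i) & 1) store.visitHttpsWithSts(h); });
}

// Read: request every host over plain http and note which ones were upgraded.
function readId(store, hosts) {
  return hosts.reduce(
    (id, h, i) => id | ((store.schemeFor(h) === 'https' ? 1 : 0) << i), 0) >>> 0;
}

// Defender-side heuristic (assumed threshold): a parent domain with many
// individually pinned sibling hosts looks like a row of bit cells.
// The parent is taken by dropping the first label, a simplification.
function suspiciousParents(store, minSiblings = 4) {
  const counts = new Map();
  for (const host of store.pinned) {
    const parent = host.split('.').slice(1).join('.');
    counts.set(parent, (counts.get(parent) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n >= minSiblings).map(([p]) => p);
}

function demo() {
  const store = new HstsStore();
  store.visitHttpsWithSts('www.shop.example'); // ordinary HSTS site, constructed
  writeId(store, 0b10110101, bitHosts);        // constructed 8-bit ID (181)
  const before = readId(store, bitHosts);
  const flagged = suspiciousParents(store);
  store.clear();                               // mitigation: drop HSTS state
  return { before, flagged, after: readId(store, bitHosts) };
}
```
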