| (41 intermediate revisions by 18 users not shown) |
| Line 1: |
Line 1: |
| − | {{Template:Stub}}
| + | #REDIRECT [[HTTP_Strict_Transport_Security_Cheat_Sheet]] |
| − | | |
| − | <br>
| |
| − | | |
| − | == Description ==
| |
| − | | |
| − | HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS.
| |
| − | | |
| − | <br>
| |
| − | | |
| − | == Examples ==
| |
| − | | |
| − | Example of the HTTP strict transport security header
| |
| − | | |
| − | Strict-Transport-Security: max-age=60000
| |
| − | | |
| − | == Browser Support ==
| |
| − | | |
| − | {| width="400" cellspacing="1" cellpadding="1" border="1"
| |
| − | |-
| |
| − | | '''Browser'''<br>
| |
| − | | '''Lowest Version Supported'''<br>
| |
| − | |-
| |
| − | | Internet Explorer <br>
| |
| − | | no support<br>
| |
| − | |-
| |
| − | | Firefox<br>
| |
| − | | 4<br>
| |
| − | |-
| |
| − | | Opera<br>
| |
| − | | 10.50<br>
| |
| − | |-
| |
| − | | Safari<br>
| |
| − | | 4.0<br>
| |
| − | |-
| |
| − | | Chrome<br>
| |
| − | | 4.0.211.0<br>
| |
| − | |}
| |
| − | | |
| − | <br>
| |
| − | | |
| − | == Links ==
| |
| − | | |
| − | [http://www.w3.org/Security/wiki/Strict_Transport_Security HSTS Spec] | |
| − | | |
| − | [http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security Wikipedia.org entry] | |
| − | | |
| − | [https://developer.mozilla.org/en/Security/HTTP_Strict_Transport_Security MDN Docs for HSTS]
| |
| − | | |
| − | [https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet OWASP TLS Protection Cheat Sheet]
| |
| − | | |
| − | [[Category:Control|Control]]
| |
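Review bot: the redirect on the added line replaces the entire page, so the `[[Category:Control|Control]]` tag on the last removed line is dropped and this title no longer appears in the Control category. If the title should stay listed there, keep the category tag on a line after `#REDIRECT [[HTTP_Strict_Transport_Security_Cheat_Sheet]]`. The removed Browser Support table and the four entries under Links are also discarded by this change; confirm the target cheat sheet carries the equivalent information before the stub text goes, and say so in the edit summary so the 41 intermediate revisions do not have to be read to find out.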