HTTP Strict Transport Security
veritas_libertas
Member Posts: 5,746 ■■■■■■■■■■
in Off-Topic
I just learned about this new web security mechanism while reading about the new features for Firefox 4. Some have described this as being a replacement for HTTPS, but it's actually more like an add-on or plug-in.
https://secure.wikimedia.org/wikipedia/en/wiki/HTTP_Strict_Transport_Security
Firefox joins Chrome in supporting HTTP Strict Transport Security (HSTS) | InfoSecMedia.org
HTTP Strict Transport Security (HSTS) is a proposed web security policy mechanism where a web server declares that complying user agents (such as a web browser) are to interact with it using secure connections only (such as HTTPS). The policy is communicated by the server to the user agent via an HTTP response header field named "Strict-Transport-Security". The policy specifies a period of time during which the user agent shall access the server in only secure fashion.[1]
Although the Firefox team has an entire page on the mozilla.com website dedicated to the new security features in Firefox 4, they seem to have forgotten to mention HTTP Strict Transport Security (HSTS).
While HSTS may not be the sexiest security feature for the average Joe, I was thrilled to see it implemented in the world’s second most popular browser. Google Chrome has supported HSTS since September, 2009 in versions 4.0.211.0 and higher.
What is HSTS? Currently it is a draft RFC that tries to address some of the insecurities present in the HTTPS specification.
Comments
chrisone Member Posts: 2,278 ■■■■■■■■■□
Good, it's already running on Chrome, then I don't need to DL another browser.
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX