Options

HTTP Strict Transport Security

veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
in Off-Topic
I just learned about this new web security mechanism while reading about the new features for Firefox 4. Some have described this as being a replacement for HTTPS, but it's actually more like an add-on or Plug-in.

https://secure.wikimedia.org/wikipedia/en/wiki/HTTP_Strict_Transport_Security
HTTP Strict Transport Security (HSTS) is a proposed web security policy mechanism where a web server declares that complying user agents (such as a web browser) are to interact with it using secure connections only (such as HTTPS). The policy is communicated by the server to the user agent via a HTTP response header field named "Strict-Transport-Security". The policy specifies a period of time during which the user agent shall access the server in only secure fashion.[1]
Firefox joins Chrome in supporting HTTP Strict Transport Security (HSTS) | InfoSecMedia.org
Although the Firefox team has an entire page on the mozilla.com website dedicated to thenew security features in Firefox 4, they seem to have forgotten to mention HTTP Strict Transport Security (HSTS).


While HSTS may not be the sexiest security feature for the average Joe, I was thrilled to see it implemented in the world’s second most popular browser. Google Chrome has supported HSTS since September, 2009 in versions 4.0.211.0 and higher.


What is HSTS? Currently it is a draft RFC that tries to address some of the insecurities present in the HTTPS specification.
· Share on FacebookShare on Twitter

Comments

  • Options
    chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    good its already running on Chrome, then i dont need to DL another browser icon_lol.gif
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
    · Share on FacebookShare on Twitter
Sign In or Register to comment.