HTTP Strict Transport Security

I just learned about this new web security mechanism while reading about the new features for Firefox 4. Some have described this as being a replacement for HTTPS, but it's actually more like an add-on or Plug-in.

https://secure.wikimedia.org/wikipedia/en/wiki/HTTP_Strict_Transport_Security

HTTP Strict Transport Security (HSTS) is a proposed web security policy mechanism where a web server declares that complying user agents (such as a web browser) are to interact with it using secure connections only (such as HTTPS). The policy is communicated by the server to the user agent via a HTTP response header field named "Strict-Transport-Security". The policy specifies a period of time during which the user agent shall access the server in only secure fashion.[1]

Firefox joins Chrome in supporting HTTP Strict Transport Security (HSTS) | InfoSecMedia.org

Although the Firefox team has an entire page on the mozilla.com website dedicated to thenew security features in Firefox 4, they seem to have forgotten to mention HTTP Strict Transport Security (HSTS).

While HSTS may not be the sexiest security feature for the average Joe, I was thrilled to see it implemented in the world’s second most popular browser. Google Chrome has supported HSTS since September, 2009 in versions 4.0.211.0 and higher.

What is HSTS? Currently it is a draft RFC that tries to address some of the insecurities present in the HTTPS specification.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

chrisone

good its already running on Chrome, then i dont need to DL another browser