Questions tagged [hsts]

HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents are to interact with it using only secure HTTPS connections.

HSTS is based on research done by Adam Barth and Colin Jackson on the ForceHTTPS protocol starting in 2008, which evolved into the ForceTLS protocol and finally the HSTS protocol.

References

326 questions

votes

0 answers

Why am I getting HSTS error in virtual host?

I have created a virtual host on my windows machine but whenever I enter the link I get an HSTS error: I am using XAMPP to run the PHP server. My configuration is as follows : The hosts file in C:\WINDOWS\System32\drivers\etc : The httpd conf…

asked May 10 '22 at 01:48

Starnec

votes

1 answer

Azure devop .Net Core build can not find timespan

My project is .Net Core 3.1 and I'm using azure devop task called .Net Core to build my code. I get this error: ##[error]projectNameSpace\Startup.cs(47,34): Error CS0103: The name 'TimeSpan' does not exist in the current context …

c# asp.net-mvc .net-core azure-devops hsts

asked May 04 '22 at 15:43

SmallWorld

votes

0 answers

Xampp setup with multihost - cannot open page because it says it wants to use HTTP Strict Transport Security (HSTS)

I am using xampp and created a multihost setup. When I open my page it says it wants to use HTTP Strict Transport Security (HSTS) and cannot use the page. How can I disable that it wants to use https for opening the page?

wordpress apache xampp hsts

asked Mar 30 '22 at 11:33

user1664377

votes

0 answers

AWS - 1 subdomains don't support HSTS

I have this notice in the Semrush saying '1 subdomains don't support HSTS' I am able to remove this notice by removing the following lines from RewriteEngine On RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] RewriteCond %{HTTP_HOST}…

amazon-web-services hsts

asked Feb 07 '22 at 22:20

user979331

11,039
73
223
418

votes

1 answer

How to enable HSTS header for HTTPS only in lighttpd config?

I want to enable HSTS header for my lighttpd server. As per the this article, the HSTS header does get set, but I can see that the server sends this header even in responses over HTTP (non-secure transport). As specified in RFC 6797: An HSTS Host…

http-headers lighttpd hsts

asked Dec 20 '21 at 09:41

Hrishikesh Bawane

votes

1 answer

Enable HSTS with Spring Boot does not work

I have a spring boot application I would like to enable HSTS I added the documented settings to my SecurityConfiguration (see below), but HSTS header is not appearing. What am I doing…

spring-boot spring-security hsts

asked Dec 15 '21 at 10:24

mcfly soft

11,289
26
98
202

votes

0 answers

Tomcat 9 HSTS configuration not working in port 8880

Have modified the TOMCAT/conf/web.xml file to set up HSTS in the tomcat application server.