Questions tagged [hsts]

HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents are to interact with it using only secure HTTPS connections.

HSTS is based on research done by Adam Barth and Collin Jackson on the ForceHTTPS protocol starting in 2008, which evolved into the ForceTLS protocol and finally the HSTS protocol.

326 questions
0
votes
1 answer

Stop HSTS HTTPS Enforcement

So I placed this in my Global.asax.cs to enforce HTTPS using HSTS protected void Application_BeginRequest(Object sender, EventArgs e) { if (!Request.IsLocal && AppSettings.IsSSLEnforced) { switch (Request.Url.Scheme) …
cb1295
0
votes
0 answers

Does Chrome actually preload HSTS?

I'm using Chrome Version 32.0.1700.107 under Ubuntu 14.04.2 LTS. If I clear my cache, it looks like no domains stay in the HSTS set, although some should be preloaded. I'm using what I consider safe, old domains, such as mail.google.com, but under…
ezequiel-garzon
0
votes
1 answer

Force HSTS cache reset from webserver

I'm using nginx as a reverse proxy and nodejs for the application. I want to know whether there are any solutions to force HSTS or HTTPS Strict Transport Security from the webserver? I don't want to ask users to reset their browser cache because it's really…
Afshin Mehrabani
-1
votes
1 answer

JasperReport PDF displayed unrecognized binary after hardening Tomcat 7 web.xml

Trust all is well. Actually, I want to do a security enhancement on my mixed Spring Roo and Spring MVC web application on Tomcat 7. After I changed and put a piece of code as per below at web.xml tomcat:
epiziv
-1
votes
1 answer

Adding strict transport security header to AWS ELB 5XX pages

I have an application running on EC2 behind an Application ELB with all security HTTP headers set at server level. I shut down the EC2 during non-working hours and turn them back on during working hours. Our security team scans the application during…
-1
votes
1 answer

Why does Google Chrome automatically redirect `http://app` to `https://app` but doesn't do that to `http://app2` or `http://napp`?

Environment: Ubuntu 18.04.6 Desktop 64-bit; Google Chrome 98.0.4758.80 (Official Build) (64-bit); Firefox 92.0 (64-bit). What I did: Install apache2 (so it starts a default local website that I can access at http://localhost). Edit /etc/hosts and…
yaobin
-1
votes
2 answers

Is there a way to install Let's Encrypt certificate on .dev domain?

I have a WordPress blog that is hosted on a VPS using a LEMP stack (on Ubuntu 20.04). The domain (underthesun.dev) is already matched to the VPS server (FTP and ping are OK, so the DNS records seem to be correct), but there is an HSTS technology that I have…
-1
votes
1 answer

How to Disable Internet Explorer HSTS on Windows 10

The KB4487020 update was installed on a Windows 10 1703 computer. Then Internet Explorer converts the HTTP page to HTTPS and the page does not open. This is the same problem as with the Windows 7 February Monthly Update. Registry made the change on this problem has…
Armagan S.
-1
votes
1 answer

ttf and woff files are not using the HSTS

In my project, HSTS is enabled. So if someone is trying to use the site using HTTP then it redirects to HTTPS. After the security scan, it is reported that ttf, woff and woff2 files are ignoring the HSTS. Example 1: On Google Chrome if I am…
DS9
-1
votes
1 answer

How to set response Header of non HTML files such as js files for ex. jquery.js files

I am able to set the HSTS header in each JSP page using the below code snippet `<% response.setHeader("Strict-Transport-Security", "max-age=7776000"); %>` but I am unable to set the HSTS header for one of the js files in my code, which was reported by a security scan…
-2
votes
1 answer

Unit test for Filter class

I am trying to write unit tests for the following Filter class, but I am not sure how it can be done. I am working on a Spring project and trying to fix a vulnerability, that is why I am using this class. public class HSTSFilter implements Filter { …
H-Bar