Support HSTS and turn on by default #39

tim-seoss · 2021-05-13T10:45:36Z

https web servers should support RFC 6797 "HTTP Strict Transport Security (HSTS)".

This should probably be on by default, and also default to a sensible time period (e.g. 2 years). A command-line switch could optionally disable HSTS (e.g. --hsts-seconds=0).

https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it

The text was updated successfully, but these errors were encountered:

joseluisq · 2021-05-13T11:16:51Z

Yeah, that's good idea since this normally tends to happen at proxy level.

joseluisq · 2021-06-22T22:13:36Z

Feature request released on v2.0.0-beta.5

tim-seoss · 2021-06-23T06:35:37Z

I'll check it out, thanks!

joseluisq added enhancement New feature or request help wanted Extra attention is needed v2 v2 release labels May 13, 2021

joseluisq self-assigned this Jun 11, 2021

joseluisq removed the help wanted Extra attention is needed label Jun 11, 2021

joseluisq mentioned this issue Jun 11, 2021

Security headers for HTTP/2 by default #44

Merged

5 tasks

joseluisq closed this as completed in #44 Jun 11, 2021

joseluisq added the beta It will be included in a beta release label Jun 22, 2021

joseluisq removed the beta It will be included in a beta release label Jul 17, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support HSTS and turn on by default #39

Support HSTS and turn on by default #39

tim-seoss commented May 13, 2021

joseluisq commented May 13, 2021

joseluisq commented Jun 22, 2021

tim-seoss commented Jun 23, 2021

Support HSTS and turn on by default #39

Support HSTS and turn on by default #39

Comments

tim-seoss commented May 13, 2021

joseluisq commented May 13, 2021

joseluisq commented Jun 22, 2021

tim-seoss commented Jun 23, 2021