~dbalan/blogng unlisted

25409c9c7c4caad09e8f8bc7c4c43e770c48fee1 — Dhananjay Balan 2 years ago a6ba9db
More edits to the HSTS post.
1 files changed, 5 insertions(+), 3 deletions(-)

M blog/2019-04-08-notes-on-hsts.markdown
M blog/2019-04-08-notes-on-hsts.markdown => blog/2019-04-08-notes-on-hsts.markdown +5 -3
@@ 9,8 9,10 @@ tags: hsts, security, privacy
HTTP Strict Transport Secrity is a mechanism for sites to signal that
they would only be serving a secure transport (read: TLS) to serve
content from these domains. HSTS is defined in
[RFC6797](https://tools.ietf.org/html/rfc6797). HSTS is really cool
considering how easy is to enable it!
[RFC6797](https://tools.ietf.org/html/rfc6797).

HSTS is easy to enable, and its really cool how much of an impact it
has to improve security.

So how does it work? The secure version of the site sends an extra HTTP header



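Review bot: the new line "HSTS is easy to enable, and its really cool how much of an impact it has to improve security." needs "it's" (contraction of "it is") rather than "its", and "how much of an impact it has to improve security" reads awkwardly; something like "how much it improves security for so little effort" would be clearer. While this paragraph is being reworked, the unchanged first line still carries the typo "HTTP Strict Transport Secrity" (should be "Security"), and the opening sentence ("signal that they would only be serving a secure transport (read: TLS) to serve content from these domains") would be tighter as "signal that they should only be accessed over a secure transport (read: TLS)", which also matches what RFC 6797 actually asks of the client.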
@@ 24,7 26,7 @@ To an HSTS aware client (i.e all mordern browsers) this means

client can now cache this information, and if you ever get the
non-secure version of the site - know that someones tampering with the
site.
connection.

But max age is only one of the directive, there are more.
1. `includeSubdomains` directive: Tells your browser that apply the
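Review bot: replacing "site." with "connection." makes the sentence "if you ever get the non-secure version of the site - know that someones tampering with the connection" more accurate, but the framing still suggests the client detects tampering after receiving a plaintext page; an HSTS-aware client instead rewrites the http:// URL to https:// before connecting (and treats certificate errors as hard failures), so consider stating that the browser will refuse to load the non-secure version rather than merely "know" something is wrong. Also fix "someones" to "someone's", "i.e all mordern browsers" in the hunk header context to "i.e. all modern browsers", "only one of the directive" to "only one of the directives", and "Tells your browser that apply the" to "Tells your browser to apply the".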