Approved HTTP Strict Transport Security (HSTS)

Kieran

Tag me
Contributor
Joined
Jan 1, 2016
Messages
459
Likes
320
Points
122
#1
Since I started playing with HTTP and HTTPS on my own server for some extra security and fun, I thought it would be nice to have HSTS on the r4p3 forum too.

It makes it more secure and will prevent cookie hijacking and downgrade attacks.
So you'll always be secure on R4P3.
Additionally, an idea would be to go a step further and use HSTS preload.


Adding HSTS is really easy so I can't really see anything against it.

Also, this would get R4P3 the A+ on SSLLabs :p
 

Kleberstoff

Knowledge Seeker
Joined
Dec 29, 2015
Messages
317
Likes
217
Points
103
Age
19
Location
Germany
#2
I don't see anything that would go against it. I would love to hear @Asphyxia's opinion on it as well.
 

Asphyxia

Server Monkey
Administrator
Joined
Apr 25, 2015
Messages
944
Likes
1,411
Points
217
Age
25
Location
North America
#8
I think for preload every subdomain needs HTTPS; we could do that easily with certbot, I guess.
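
As an added illustration, not part of any post in this thread: a small Python check of a Strict-Transport-Security header against the header requirements for preload submission (max-age of at least one year, includeSubDomains, and preload). The function names and sample headers are constructed for this example; the HTTPS-on-every-subdomain requirement mentioned above needs a separate check against the live hosts.

```python
# Added example: parse a Strict-Transport-Security header (RFC 6797) and
# check it against the header requirements for HSTS preload submission.
PRELOAD_MIN_AGE = 31536000  # one year, minimum max-age for preload submission


def parse_hsts(value):
    """Return (directives, error). Directive names are case-insensitive."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            # RFC 6797 section 6.1: a directive must not appear more than once
            return None, "duplicate directive: " + name
        directives[name] = arg.strip().strip('"')
    age = directives.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return None, "max-age missing or not a non-negative integer"
    directives["max-age"] = int(age)
    return directives, None


def preload_problems(value):
    """List the reasons a header would not qualify for the preload list."""
    d, err = parse_hsts(value)
    if err:
        return [err]
    problems = []
    if d["max-age"] == 0:
        problems.append("max-age=0 tells browsers to forget the HSTS policy")
    elif d["max-age"] < PRELOAD_MIN_AGE:
        problems.append("max-age below %d seconds" % PRELOAD_MIN_AGE)
    if "includesubdomains" not in d:
        problems.append("includeSubDomains missing")
    if "preload" not in d:
        problems.append("preload directive missing")
    return problems


# Constructed sample headers, not taken from any real site.
SAMPLES = [
    "max-age=63072000; includeSubDomains; preload",
    "max-age=300",
    "includeSubDomains; preload",
]
if __name__ == "__main__":
    for h in SAMPLES:
        print(repr(h), "->", preload_problems(h) or "meets header requirements")
```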
 

Kieran

#11
That will be very nice, I look forward to it!
Yesss we all do! It will reduce my entries in my cert to 5 instead of 25 xD
Got many subdomains and I'm waiting for this feature for such a long time.

Preload sounds good. Never knowingly visited a site with preload before.
 

Asphyxia

#12
Same cert requirements make it hard
 
