What is HSTS? HSTS Optimization Guide

[ad_1]

What is HSTS?

What is hst?

HSTS (HTTP Strict Transport Security) is a security protocol that requires all connections to a website to be encrypted using the HTTPS protocol. Currently, Google applies HSTS to 45 top-level domains, including domains ending in .google, .how, and .soy. HTTPS is an essential part of ensuring secure access to websites. Prevent attacks by intercepting requests, modifying or manipulating information between users and websites.

When we visit a website using http, data is first sent to the web server unencrypted. If this site is secured by https. It will send an immediate redirect request to the browser, to the URL with https://domain.com. But prior to redirection, requests sent over http can be hacked by intercepting the request and modifying the information in the request, resulting in the loss of session information about the site visit.

HSTS attempts to combat this potential vulnerability by telling the browser that this domain can only be accessed using HTTPS. When a site is HSTS enabled. When accessing this website via http, the browser will no longer send requests to the web server via http. Which web browser will automatically redirect to https and send request through https protocol to server. This is the answer to the question What is HSTS?? Now let’s see how HSTS works.

How does HSTS work?

How does hsts work?

When a user accesses the site via https or is redirected from http to https. The web server sends an HSTS header to the browser and saves this header for further requests. Then, if the user continues to visit the http://domain.com website, the browser will automatically redirect to https://domain.com. And send an access request to the web server via the secure https protocol. Instead of http, there is no HSTS. So do you know how HSTS works? Let’s find out how HSTS Optimization Please.

Optimization of HSTS

HST

HSTS can increase the security of a website by requiring the browser to always use https for that page. However, HSTS is not a perfect solution to completely solve the problem of session hijacking when accessing HTTP. Users remain vulnerable if they visit a website protected by HSTS over HTTP when they have:

I have never visited this website
Reset browser
Use a new browser or device
Clear browser cache
Use an incognito browser

To solve this problem, Google uses the “HSTS preload list”. Group web domains and subdomains that use HSTS and are sent to https://hstspreload.appspot.com/. This list of domains is distributed and hard-coded into web browsers. Users accessing web domains in this list will automatically use HTTPS. Or be redirected to HTTPS if accessing via HTTP. If the web server does not support HTTPS, the access request will be denied. If you don’t know what is the optimal HSTS? So don’t miss this information

Install HSTS for Nginx

Add the STS (Strict-Transport-Security) header to the nginx vhost settings:

add_header Strict-Transport-Security “max-age=31536000; includeSubDomains” always;

With this setting we have:

add_header Strict-Transport-Security: Add STS to response header
max-age=31536000: STS header will expire after 1 year
includeSubDomains: Apply HSTS to all subdomains

The “always” setting allows headers for all responses, including internally generated error responses. Older versions of NGINX do not support the “always” parameter and do not header internally generated error responses.

By default, HSTS is cached by the browser. If you want to register this domain in “HSTS preload lis” on https://hstspreload.appspot.com/, you need to add bootstrap to settings:

add_header Strict-Shipping-Security “max -age=31536000; includeSubDomains” always; preload

How to disable HSTS for Nginx

To disable HSTS, just set the “max-age=0” parameter:

add_header Strict-Transport-Security “max-age=0; includeSubDomains” always;

See more : What is htaccess wordpress? Instructions for creating a simple .htaccess file

Here is a summary of the information What is HSTS?, how to optimize HSTS. Looking forward to reading the next articles of WordPress Tips Please

0
0
voice

Rate items

[ad_2]

Unlock Your Office Productivity Potential with Udemy Courses
Are you ready to boost your office productivity to new heights? Look no further than Udemy’s Office Productivity Courses! With a wide range of comprehensive and practical courses, Udemy provides […]
Mastering Online Learning: Unlock Your Potential with Udemy Courses
Introduction Welcome to our comprehensive guide on leveraging the power of free Udemy courses to enhance your online learning journey. In this article, we will delve into the vast array […]
Udemy Coupon Code – Get Udemy Deal Today: Unlocking the Secrets to Learning at an Unbeatable Price
In the vast and ever-evolving world of online education, Udemy has emerged as a leading platform that offers a wide range of courses to help individuals enhance their skills and […]
The Web Developer Bootcamp 2023: Unleash Your Full Potential in Web Development
Are you ready to unlock your potential as a web developer and take your skills to new heights? Look no further than The Web Developer Bootcamp 2023, an exceptional online […]
How to Use Scrapy for Web Scraping Step-by-Step: A Beginner’s Guide
Web scraping has become a crucial aspect of data extraction, data mining, and data scraping in various industries. Scrapy, a Python-based web scraping framework, has emerged as a popular tool […]

What is HSTS? HSTS Optimization Guide

What is HSTS?

How does HSTS work?

Optimization of HSTS

Install HSTS for Nginx

How to disable HSTS for Nginx

Domain

Hosting

Hosting Comparison

Python

Seo

Wordpress

Dog

Gaming Chairs

Graphic design

Make Money Online

Pets

Udemy

What is HSTS?

How does HSTS work?

Optimization of HSTS

Install HSTS for Nginx

How to disable HSTS for Nginx

Recommended Posts

Make A Superscript In Canva — Guide for beginer

WordPress Tutorial for Beginners: What You’ll Need to Know

How to hide WooCommerce Add to Cart or Price button for users who are not logged in?