MoonPoint Support Logo

 


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
December
Sun Mon Tue Wed Thu Fri Sat
         
5
19 20 21 22 23
24 25 26 27 28 29 30
31            
2017
Months
Dec


Tue, Dec 05, 2017 10:53 pm

Determining if a site has implemented HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) is a security mechanism used by some websites to ensure that HTTP Secure (HTTPS) is always used by visitors to the site even should some intermediate system between the visitor's browser and the website attempt a man-in-the-middle (MITM) attack to downgrade the communications protocol to the unencrypted Hypertext Transfer Protocol (HTTP). The HSTS specification was published as Request for Comments (RFC) 6797 on November 19, 2012. You can tell whether a site has implemented HSTS by establishing a telnet connection to port 80, the well-known port for HTTP connections. E.g.:

$ telnet graa.gsfc.nasa.gov 80
Trying 129.164.141.50...
Connected to gewa.gsfc.nasa.gov.
Escape character is '^]'.
HEAD / HTTP/1.1
HOST: example.com

HTTP/1.1 301 Moved Permanently
Date: Wed, 06 Dec 2017 02:56:57 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://example.com/
Connection: close
Content-Type: text/html; charset=iso-8859-1

Connection closed by foreign host.
$

[ More Info ]

[/network/web] permanent link

Once You Know, You Newegg AliExpress by Alibaba.com

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo