This Time We Might Really Say Goodbye to HTTP

This Time We Might Really Say Goodbye to HTTP

Hello everyone, I am ConardLi. On August 16, the official Chromium blog announced that it will attempt to default all website protocols to HTTPS (even if users actively access via HTTP). This experiment has already been initiated in Chrome 115. As you may have noticed, over the past few years, most websites have been transitioning … Read more

Third-Party Website Testing: Detection of HTTP Response Header Security Configuration in Web Security Testing

Third-Party Website Testing: Detection of HTTP Response Header Security Configuration in Web Security Testing

Third-Party Website Testing: Detection of HTTP Response Header Security Configuration in Web Security Testing Security Header Detection 1. Strict-Transport-Security (HSTS) 2. Check max-age value: should be ≥ 15552000 seconds (180 days) 3. Check includeSubDomains directive: ensure it includes subdomains 4. Validate preload directive: must be set to join the preload list Example: Strict-Transport-Security: max-age=31536000; includeSubDomains; … Read more