HTTP Strict Transport Security (HSTS) is a security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with them using only secure HTTPS connections and never via the insecure HTTP protocol.
Everything is ok
HSTS header values: | |
---|---|
Max Age: | 31536000 seconds (1 year) |
Include subdomains: | |
Preload: | |
HSTS is configured properly
HSTS is properly configured: the response carries a single `Strict-Transport-Security` header with an appropriate `max-age`, and the `includeSubDomains` and `preload` directives are present. The `max-age` directive specifies how long, in seconds, a browser enforces HTTPS for the site; it is typically set to at least a year for long-term security. The `includeSubDomains` directive extends this enforcement to all subdomains, protecting them from attacks like Man-In-The-Middle (MITM). The `preload` directive allows the domain to be included in browsers' HSTS preload lists, so HTTPS is used from the first visit, before any HSTS header has been received. This preloading is crucial for preventing interception and tampering during the initial connection. Overall, this configuration significantly improves web security by ensuring encrypted communication and safeguarding both the site and its users from protocol downgrade attacks and cookie hijacking.