HSTS header sent over HTTP (and HTTPS as well)
Jan. 28, 2023, 6:10 a.m. | /u/itgk29
cybersecurity www.reddit.com
The [HSTS RFC](https://www.rfc-editor.org/rfc/rfc6797) states:

> An HSTS Host MUST NOT include the STS header field in HTTP responses conveyed over non-secure transport.

and

> If an HTTP response is received over insecure transport, the UA MUST ignore any present STS header field(s).

My question is:
* If a web server sends an HSTS header over …