Enable javascript in your browser for better experience. Need to know to enable it? Go here.
As informações desta página não estão completamente disponíveis no seu idioma de escolha. Esperamos disponibiliza-las integralmente em outros idiomas em breve. Para ter acesso às informações no idioma de sua preferência, faça o download do PDF aquí.
Atualizado em : Mar 29, 2017
NÃO ENTROU NA EDIÇÃO ATUAL
Este blip não está na edição atual do Radar. Se esteve em uma das últimas edições, é provável que ainda seja relevante. Se o blip for mais antigo, pode não ser mais relevante e nossa avaliação pode ser diferente hoje. Infelizmente, não conseguimos revisar continuamente todos os blips de edições anteriores do Radar. Saiba mais
Mar 2017
Adote ?

HTTP Strict Transport Security ( HSTS ) is a now widely supported policy that allows websites to protect themselves from downgrade attacks. A downgrade attack in the context of HTTPS is one that can cause users of your site to fall back to HTTP rather than HTTPS, allowing for further attacks such as man-in-the-middle attacks. With HSTS, the server sends a header that informs the browser that it should only use HTTPS to access the website. Browser support is now widespread enough that this easy-to-implement feature should be added to any site using HTTPS. Mozilla's Observatory can help identify this and other useful headers and configuration options that improve security and privacy. When implementing HSTS, it is critical to verify that all resources load properly over HTTPS, because once HSTS is turned on, there is (almost) no turning back until the expiry time. The directive to include subdomains should be added but, again, a thorough verification that all subdomains support secure transport is required.

Nov 2016
Adote ?

HTTP Strict Transport Security ( HSTS ) is a now widely supported policy that allows websites to protect themselves from downgrade attacks. A downgrade attack in the context of HTTPS is one that can cause users of your site to fall back to HTTP rather than HTTPS, allowing for further attacks such as man-in-the-middle attacks. With HSTS, the server sends a header that informs the browser that it should only use HTTPS to access the website. Browser support is now widespread enough that this easy-to-implement feature should be added to any site using HTTPS. Mozilla’s Observatory can help identify this and other useful headers and configuration options that improve security and privacy. When implementing HSTS, it is critical to verify that all resources load properly over HTTPS, because once HSTS is turned on, there is (almost) no turning back until the expiry time. The directive to include subdomains should be added but, again, a thorough verification that all subdomains support secure transport is required.

Apr 2016
Experimente ?

HTTP Strict Transport Security ( HSTS ) is a now widely supported policy that allows websites to protect themselves from downgrade attacks. A downgrade attack in the context of HTTPS is one that can cause users of your site to fall back to HTTP rather than HTTPS, allowing for further attacks such as man-in-the-middle attacks. By using the server header, you inform browsers that they should only use HTTPS to access your website, and should ignore downgrade attempts to contact the site via HTTP. Browser support is now widespread enough that this easy-to-implement feature should be considered for any site using HTTPS.

Nov 2015
Experimente ?
Publicado : Nov 10, 2015

Baixe o PDF

 

 

 

English | Español | Português | 中文

Inscreva-se para receber o boletim informativo Technology Radar

 

 

Seja assinante

 

 

Visite nosso arquivo para acessar os volumes anteriores