I hereby claim:
- I am marumari on github.
- I am april (https://keybase.io/april) on keybase.
- I have a public key whose fingerprint is EBB4 C618 9D01 4427 6F26 AAA9 7EBC 09CB 4C42 7581
To claim this, I am signing this object:
april
/ keybase.md
Last active
August 29, 2015 14:09
❯ nmap –script ssl-enum-ciphers mozilla.org -p 443 [09:23:56]
Starting Nmap 7.00 ( https://nmap.org ) at 2015-11-20 09:23 CST Nmap scan report for mozilla.org (63.245.215.20) Host is up (0.076s latency). Other addresses for mozilla.org (not scanned): 2620:101:8008:5::2:1 rDNS record for 63.245.215.20: bedrock-prod-zlb.vips.scl3.mozilla.com PORT STATE SERVICE 443/tcp open https
| ssl-enum-ciphers: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ httpobs garron.net | |
| Score: 45 [D+] | |
| Modifiers: | |
| [ +5] Preloaded via the HTTP Strict Transport Security (HSTS) preloading process | |
| [ -5] X-Content-Type-Options header not implemented | |
| [ -10] X-XSS-Protection header not implemented | |
| [ -20] X-Frame-Options (XFO) header not implemented | |
| [ -25] Content Security Policy (CSP) header not implemented | |
| $ httpobs pokeinthe.io |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ❯ httpobs -r ssllabs.com | |
| Score: 35 [D-] | |
| Modifiers: | |
| [ -5] Initial redirection from http to https is to a different host, preventing HSTS | |
| [ -5] X-Content-Type-Options header not implemented | |
| [ -10] X-XSS-Protection header not implemented | |
| [ -20] X-Frame-Options (XFO) header not implemented | |
| [ -25] Content Security Policy (CSP) header not implemented |
april
/ Totem Cycle
Last active
June 5, 2016 03:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hedron Totem -- 2C | |
| Artifact Creature — Golem | |
| Defender | |
| {name} is indestructible as long as you control another nonland, colorless permanent. | |
| Colorless spells cost {1} less to cast. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name site.mozilla.org; | |
| location / { | |
| return 301 https://$server_name$request_uri; | |
| } | |
| location /twohundredinator { | |
| access_log off; |
april
/ gist:eb756a7899becce19f619910f019039e
Last active
September 30, 2016 21:40
Alexa Top 1M with HSTS, April 2016, ordered by max-age frequency
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| max_age | count | |
| --------------+------- | |
| 31536000 | 9222 | |
| 15552000 | 3445 | |
| 63072000 | 1622 | |
| 15768000 | 1582 | |
| 0 | 891 | |
| 300 | 482 | |
| 16070400 | 366 | |
| 2592000 | 350 |
april
/ gist:0d88fce62fa8a860d14b4a33dcf74a17
Created
August 10, 2016 20:35
Most popular HSTS max-age values where preload is set
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| max_age | count | |
| --------------+------- | |
| 63072000 | 893 | |
| 31536000 | 862 | |
| 15552000 | 505 | |
| 0 | 209 | |
| 15768000 | 119 | |
| 10886400 | 86 | |
| 2592000 | 83 | |
| 16000000 | 31 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http_observatory=# select result, count(result) from tests where name='x-frame-options' group by result; | |
| result | count | |
| -------------------------------------+-------- | |
| x-frame-options-not-implemented | 887643 | |
| x-frame-options-sameorigin-or-deny | 66073 | |
| x-frame-options-implemented-via-csp | 916 | |
| x-frame-options-header-invalid | 3463 | |
| x-frame-options-allow-from-origin | 312 |
april
/ gist:0f6a1fa0283f2e9e3e916d1dad7aff48
Created
September 13, 2016 18:50
frame-ancestors use amongst the Alexa Top 1M, April 2016
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| asstr.org: frame-ancestors self https://*.asstr.org | |
| cottontraders.com: frame-ancestors 'self' | |
| fishtanksdirect.com: frame-ancestors 'self' | |
| extremeshok.com: frame-ancestors 'self' webshok.com *.webshok.com extremeshok.com *.extremeshok.com | |
| bitdefender.de: frame-ancestors 'self' https://bitdefender.marketing.adobe.com | |
| ogilvydo.com: frame-ancestors ogilvyonelp.asiadigitalhub.com ogilvy.com.my www.ogilvy.com.my ogilvyone.asia www.ogilvyone.asia customerengagement.com www.customerengagement.com bitcast-a.v1.hkg1.bitgravity.com www.ogilvydo.com | |
| bostonheatingsupply.com: frame-ancestors 'self' | |
| scottradeinvestmentmanagement.com: frame-ancestors https://*.scottrade.com | |
| hastrk2.com: frame-ancestors 'self' https://*.google.com https://*.googleusercontent.com https://editionsatplay.withgoogle.com https://livecase.withgoogle.com | |
| toysrus.co.uk: frame-ancestors 'self' |
OlderNewer