Pablo Blanco pablanco
pablanco
/ An example with HSTS
Last active Jun 28, 2020
View An example with HSTS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $> curl --head https://www.hsts-header-enabled.com | |
| HTTP/2 200 | |
| strict-transport-security: max-age=15552000; preload | |
| --- | |
| $> nmap -p 443 --script http-security-headers hsts-header-enabled.com | |
| .... | |
| PORT STATE SERVICE | |
| 443/tcp open https |
pablanco
/ An example with HSTS
Created Jun 28, 2020
View An example with HSTS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $> curl --head https://www.hsts-heade-enabled.com | |
| HTTP/2 200 | |
| strict-transport-security: max-age=15552000; preload | |
| --- | |
| $> nmap -p 443 --script http-security-headers hsts-heade-enabled.com | |
| .... | |
| PORT STATE SERVICE | |
| 443/tcp open https |
pablanco
/ gist:0f299835b207db93b39f108bbb4fe87e
Created Jun 28, 2020
An example of a redirection without HSTS or CSP
View gist:0f299835b207db93b39f108bbb4fe87e
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| $> curl --head https://www.not-hsts-header.com | |
| HTTP/1.1 301 Moved Permanently | |
| Content-length: 0 | |
| --- | |
| $> nmap -p 443 --script http-security-headers not-hsts-header.com | |
| .... |