@pascalalfadian
Created March 20, 2023 05:39
Kitchen Sink for Security chapter of Web Almanac 2022
<?php
header('Strict-Transport-Security: max-age=60');
?><!doctype html>
<html lang="en">
<head>
<title>Kitchen Sink for Security chapter of Web Almanac 2022</title>
<script src="https://code.jquery.com/jquery-3.6.4.min.js" integrity="sha256-oP6HI9z1XaZNBrJURtCoUT5SUnxFr8s3BzRl+cbzUq8=" crossorigin="anonymous"></script>
</head>
<body>
<h1>Kitchen Sink for Security chapter of Web Almanac 2022</h1>
<p>View source <a href="https://gist.github.com/pascalalfadian/9c1ea753b374a21e3702450bbd70e79e">here</a>.</p>
<h2>Protocol version, Cipher Suite, Certificate Authority</h2>
<p>Check the browser for the protocol version (Developer Console &gt; Security tab).</p>
<h2>HSTS</h2>
<p>In Google Chrome, check <code>chrome://net-internals/#hsts</code>.</p>
<h2>SRI</h2>
<p>If jQuery works, <a href="#" id="here">clicking here</a> will show an alert.</p>
<script>
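// This handler only runs if the browser accepted jQuery's integrity hash;
// on an SRI mismatch the script is blocked and $ is undefined.
$('#here').click(function(e) {
  e.preventDefault();
  alert('Hello, world!');
});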
</script>
<h2>Web Crypto API</h2>
<p><a href="#" id="webcrypto">Click here</a> to generate random values: <span id="webcrypto-output"></span>.</p>
<script>
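$('#webcrypto').click(function(e) {
  e.preventDefault();
  // Fill a 10-byte buffer from the browser's cryptographically secure RNG.
  let array = new Uint8Array(10);
  self.crypto.getRandomValues(array);
  // Convert to a plain array first: JSON.stringify on a typed array
  // serializes it as an index-keyed object instead of a list.
  $('#webcrypto-output').text(JSON.stringify(Array.from(array)));
});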
</script>
</body>
</html>
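The SRI section relies on the jQuery tag carrying both a valid `integrity` digest and a `crossorigin` attribute. The following is an added example, not part of the gist: a small linter that flags cross-origin script tags where either is missing or unusable. The names `parseIntegrity`, `attr`, `lintScripts` and `SAMPLE_HTML`, and the `site.example` and `cdn.example` hosts, are hypothetical; only the jQuery tag is taken from the page.

```javascript
// Digest length in bytes for each hash algorithm SRI accepts.
const DIGEST_BYTES = { sha256: 32, sha384: 48, sha512: 64 };

// Return the usable "<alg>-<base64>" entries of an integrity attribute value.
// Tokens with an unknown algorithm are ignored by browsers, and a digest of
// the wrong length can never match, so both are treated as unusable here.
function parseIntegrity(value) {
  const entries = [];
  for (const token of (value || '').trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+\/_-]+)={0,2}(\?.*)?$/.exec(token);
    if (!m) continue;
    const bytes = Math.floor(m[2].length * 6 / 8); // base64 chars -> bytes
    if (bytes === DIGEST_BYTES[m[1]]) entries.push({ alg: m[1], digest: m[2] });
  }
  return entries;
}

// Read a double-quoted attribute from a tag string (enough for this sample).
function attr(tag, name) {
  const m = new RegExp('\\s' + name + '\\s*=\\s*"([^"]*)"', 'i').exec(tag);
  return m ? m[1] : null;
}

// Report SRI problems for every script loaded from another origin.
// Same-origin and inline scripts are skipped: this lint targets third parties.
function lintScripts(html, pageOrigin) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = attr(tag, 'src');
    if (!src) continue;
    const url = new URL(src, pageOrigin);
    if (url.origin === new URL(pageOrigin).origin) continue;
    const issues = [];
    const integrity = attr(tag, 'integrity');
    if (integrity === null) issues.push('missing integrity');
    else if (parseIntegrity(integrity).length === 0) issues.push('no usable digest');
    // Without CORS the response is opaque and cannot pass an integrity check.
    if (!/\scrossorigin\b/i.test(tag)) issues.push('missing crossorigin');
    if (url.protocol !== 'https:') issues.push('not https');
    findings.push({ src, issues });
  }
  return findings;
}

// Constructed sample: the first tag is the page's own, the rest are made up.
const SAMPLE_HTML = `
<script src="https://code.jquery.com/jquery-3.6.4.min.js" integrity="sha256-oP6HI9z1XaZNBrJURtCoUT5SUnxFr8s3BzRl+cbzUq8=" crossorigin="anonymous"></script>
<script src="https://cdn.example/lib.js" integrity="sha256-AAAA"></script>
<script src="http://cdn.example/old.js"></script>
<script src="/local.js"></script><script>var inline = 1;</script>`;
```

Calling `lintScripts(SAMPLE_HTML, 'https://site.example/')` returns one finding per cross-origin script, with an empty `issues` list for the page's jQuery tag.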