https Tutorial => HSTS preload list

Example

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

HSTS is activated only after a successful HTTPS request to the server with a valid certificate. There is still a risk of a first-time user accessing the site, at which point a Man-in-the-Middle attack is possible.
To make the site secure even before the first request the domain can be added to a preload list, already configured in browsers.
The preload parameter is not used by the browsers directly, but it an indiciation to the browser developers that the site developers really asked to be added to the preload list.

PDF - Download https for free

Previous Next

https

Fastest Entity Framework Extensions

Example

Got any https Question?

https

https HTTP Strict Transport Security (HSTS) HSTS preload list

Fastest Entity Framework Extensions

Example

Got any https Question?