Hardening Website Security – Part 1a: HSTS Preloading

In part 1 of this series of articles we described the HSTS header “Strict-Transport-Security”. This header is used to tell the clients web browser that HTTP Strict Transport Security mode should be enabled so that the browser should remember that this website only uses HTTPS and should not accept any unencrypted traffic.

Hardening Website Security – Part 1: HTTP Security Headers

Introduction It feels like almost every week there’s another news item about personal information being stolen because yet another company’s website got hacked. Most of these attacks are perpetrated through social engineering, persuading somebody to hand over some detail which allows the hacker to gain additional privileges and, eventually, access to personal information. However, a…