Web App Security

5 pts.
Tags:
Web security
Why are HSTS headers not being used even in the most secure web applications, i.e. banking domains, while it is recommended as a best security practice?

Discuss This Question: 2  Replies

  • Subhendu Sen
    From where did you get this query? Is there any practical scenario or a technical problem? Assuming this is based on homework, if this is the case, please do read study materials or some good references and find answers by your own efforts. Or please come back with actual problems.
  • sammeermalik
    Dear Subhendu,

    There is no technical problem in using the HSTS header. It is just a precautionary measure. It is recommended by OWASP that websites with paranoid-level security must use this header, and in general, all websites that are using SSL. It is not a severe risk to consider; however, it is the website's responsibility to protect its users from any cyber fraud/misconduct.

    For reference you may check https://hstspreload.appspot.com/ for banking websites like HDFC netbanking or similar.

    Thanks!
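One way to check a response against what the preload list referenced above asks for, as an added example that is not from the thread or its participants: parse the header as RFC 6797 describes and report what is missing. The function names and the sample responses are constructed for illustration.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the preload list's minimum max-age

def parse_hsts(value):
    """Parse an HSTS value (RFC 6797, 6.1); None means browsers ignore it."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if not name:
            continue                      # empty directives are allowed
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]               # quoted-string form
        if name in directives:
            return None                   # a repeated directive invalidates the header
        directives[name] = val
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                       # max-age is required and must be digits
    directives["max-age"] = int(directives["max-age"])
    return directives

def assess(scheme, headers):
    """headers: (name, value) pairs of one response. Returns (status, findings)."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return "missing", ["no Strict-Transport-Security header"]
    if scheme != "https":
        return "ignored", ["browsers ignore HSTS received over plain HTTP"]
    policy = parse_hsts(values[0])        # only the first header field is processed
    if policy is None:
        return "invalid", ["header does not parse; browsers will ignore it"]
    if policy["max-age"] == 0:
        return "disabled", ["max-age=0 tells the browser to forget the policy"]
    findings = []
    if policy["max-age"] < PRELOAD_MIN_AGE:
        findings.append("max-age below one year")
    if "includesubdomains" not in policy:
        findings.append("includeSubDomains not set")
    if "preload" not in policy:
        findings.append("preload directive not set")
    return ("preload-ready" if not findings else "enabled"), findings

# Constructed sample responses, not captured from any real site
SAMPLES = [
    ("https", [("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")]),
    ("https", [("strict-transport-security", 'max-age="300"')]),
    ("http", [("Strict-Transport-Security", "max-age=31536000")]),
]
RESULTS = [assess(scheme, hdrs)[0] for scheme, hdrs in SAMPLES]
```

A status of "enabled" means the browser will honour the policy but the site does not yet meet the preload list's requirements; the findings list says which ones.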
