Naked Science Forum

Non Life Sciences => Geek Speak => Topic started by: smart on 11/12/2016 16:37:11

Title: Should I disable HTTP Strict Transport Security (HSTS) in Firefox?
Post by: smart on 11/12/2016 16:37:11
Why is HTTP Strict Transport Security (HSTS) enabled on Firefox (Linux) and blocking Internet access to google.com?
Title: Re: Should I disable HTTP Strict Transport Security (HSTS) in Firefox?
Post by: dirmanes on 20/05/2017 07:06:28
I really do not have any idea ;d
Title: Re: Should I disable HTTP Strict Transport Security (HSTS) in Firefox?
Post by: chris on 20/05/2017 10:07:34
This protocol forces the browser into SSL (https://) regime whenever possible. It's there for your protection, but if you know what you are doing then there is no harm in deactivating it. I use this on the file transfer server we use for our radio programmes. This way, when staff call the login page, it defaults to an https:// connection, preventing them from exposing their passwords over an unencrypted connection.
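
What the browser does with this header, as an added example that is not part of the original post and is not Firefox's code: a small model of an HSTS store following RFC 6797. The class `HstsStore`, its method names and the host `files.example.test` are constructed for illustration.

```javascript
// Toy model of a browser HSTS store (RFC 6797). All names here are illustrative.
class HstsStore {
  constructor() { this.hosts = new Map(); } // host -> { expires, includeSubDomains }

  // Parse a Strict-Transport-Security value; null when max-age is missing or invalid.
  static parse(value) {
    let maxAge = null, includeSubDomains = false;
    for (const raw of value.split(';')) {
      const [name, arg] = raw.trim().split('=').map(s => s.trim());
      if (/^max-age$/i.test(name)) {
        const digits = (arg || '').replace(/^"(.*)"$/, '$1');
        if (maxAge !== null || !/^\d+$/.test(digits)) return null;
        maxAge = Number(digits);
      } else if (/^includeSubDomains$/i.test(name)) includeSubDomains = true;
    }
    return maxAge === null ? null : { maxAge, includeSubDomains };
  }

  // Record a policy only if it arrived over HTTPS; on plain HTTP the header is ignored.
  noteResponse(url, headerValue, now) {
    const u = new URL(url);
    const policy = u.protocol === 'https:' ? HstsStore.parse(headerValue) : null;
    if (!policy) return false;
    if (policy.maxAge === 0) this.hosts.delete(u.hostname); // max-age=0 clears the entry
    else this.hosts.set(u.hostname, { expires: now + policy.maxAge * 1000,
                                      includeSubDomains: policy.includeSubDomains });
    return true;
  }

  // A host matches its own unexpired entry, or a parent's entry with includeSubDomains.
  isKnown(host, now) {
    const labels = host.split('.');
    return labels.some((_, i) => {
      const entry = this.hosts.get(labels.slice(i).join('.'));
      return Boolean(entry) && entry.expires > now && (i === 0 || entry.includeSubDomains);
    });
  }

  // Rewrite http:// to https:// for known hosts before any request leaves the client.
  upgrade(url, now) {
    const u = new URL(url);
    if (u.protocol === 'http:' && this.isKnown(u.hostname, now)) u.protocol = 'https:';
    return u.href;
  }
}
```

The `now` arguments are millisecond timestamps passed in explicitly so that expiry can be checked without waiting.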
Title: Re: Should I disable HTTP Strict Transport Security (HSTS) in Firefox?
Post by: jeffreyH on 20/05/2017 23:06:23
It is likely 'them' blocking your access to Google rather than your browser. They know you are onto them.
Title: Re: Should I disable HTTP Strict Transport Security (HSTS) in Firefox?
Post by: smart on 20/05/2017 23:29:34
There is a potential privacy leak for clients when HSTS is enabled on the server side...

See: https://nakedsecurity.sophos.com/2015/02/02/anatomy-of-a-browser-dilemma-how-hsts-supercookies-make-you-choose-between-privacy-or-security/