Naked Science Forum

Non Life Sciences => Geek Speak => Topic started by: tkadm30 on 11/12/2016 16:37:11

Title: Should I disable HTTP Strict Transport Security (HSTS) in Firefox?
Post by: tkadm30 on 11/12/2016 16:37:11
Why is HTTP Strict Transport Security (HSTS) enabled on Firefox (Linux) and blocking Internet
access to google.com?
Title: Re: Should I disable HTTP Strict Transport Security (HSTS) in Firefox?
Post by: dirmanes on 20/05/2017 07:06:28
I really do not have any idea ;d
Title: Re: Should I disable HTTP Strict Transport Security (HSTS) in Firefox?
Post by: chris on 20/05/2017 10:07:34
This protocol forces the browser into ssl (https://) regime whenever possible. It's there for your protection, but if you know what you are doing then there is no harm in deactivating it. I use this on the file transfer server we use for our radio programmes. This way, when staff call the log in page, it defaults to an https:// connection preventing them from exposing their passwords over an unencrypted connection.
Title: Re: Should I disable HTTP Strict Transport Security (HSTS) in Firefox?
Post by: jeffreyH on 20/05/2017 23:06:23
It is likely 'them' blocking your access to google rather than your browser. They know you are onto them.
Title: Re: Should I disable HTTP Strict Transport Security (HSTS) in Firefox?
Post by: tkadm30 on 20/05/2017 23:29:34
There is a potential privacy leak for clients when HSTS is enabled on the server side...

See: https://nakedsecurity.sophos.com/2015/02/02/anatomy-of-a-browser-dilemma-how-hsts-supercookies-make-you-choose-between-privacy-or-security/