HSTS: Improving Security Without Losing Performance
Ingo Steinke
lightning talk @ CGNwebperf 2018
HSTS: Improving Security Without Losing Performance
1. HSTS: Improving Security Without Losing Performance
#CGNwebperf #25, Cologne, 6 December 2018
Ingo Steinke (@fraktalisman), Sevenval Technologies GmbH, sevenval.com, wao.io
2. HSTS: Improving Security Without Losing Performance
Hypertext Strict Transport Security
3. ? HSTS + HTTP/2 + TLS 1.3 + Let’s Encrypt (Ilya Grigorik, Velocity 2014) 2018 (Illustration © Jonathan Burton)
4. HSTS: Reduce Round Trips (307 Internal Redirect)
5. HSTS Header: Strict-Transport-Security: max-age=31536000
HSTS Cache: chrome://net-internals/hsts#hsts
HSTS Preload List: hstspreload.org
6. HSTS Header: Strict-Transport-Security: max-age=31536000; includeSubDomains
http://old.legacy.domain.i.forgot.com/
7. HTTPS && Brotli
Most new performance features require HTTPS.
8. Most new performance features require HTTPS. S W (Image © Microsoft)
9. HTTPS, HSTS, TLS 1.3, HTTP/2
do it yourself
wao.io, cloudflare, ...
Just do it! (© IKEA)
10. HSTS: Improving Security Without Losing Performance
developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
hstspreload.org
en.wikipedia.org/wiki/Brotli
istlsfastyet.com
blog.wao.io/tls-1-3
11. HSTS: Improving Security Without Losing Performance
#CGNwebperf, sevenval.com, wao.io
Thanks! && Questions?