(Linkify cheat sheet) |
(minor tweaking of cheat sheet) |
Line 402: | Line 402: | ||
| Mandatory | | Mandatory | ||
| Use the most secure TLS configuration for your userbase | | Use the most secure TLS configuration for your userbase | ||
|- style="background-color: #E99696;" | |||
| style="padding-left: 1.5em;" | [[#HTTP Public Key Pinning|<span style="color: black;">Public Key Pinning</span>]] | |||
| Mandatory for critical risk sites only | |||
| Not recommended for most sites | |||
|- style="background-color: #9EDB58;" | |||
| style="padding-left: 1.5em;" | [[#HTTP Redirections|<span style="color: black;">Redirections from HTTP</span>]] | |||
| Mandatory | |||
| Websites must redirect to HTTPS, API endpoints should disable HTTP entirely | |||
|- style="background-color: #9EDB58;" | |- style="background-color: #9EDB58;" | ||
| style="padding-left: 1.5em;" | [[#HTTP Strict Transport Security|<span style="color: black;">Strict Transport Security</span>]] | | style="padding-left: 1.5em;" | [[#HTTP Strict Transport Security|<span style="color: black;">Strict Transport Security</span>]] | ||
| Mandatory for all websites | | Mandatory for all websites | ||
| Minimum allowed time period of six months | | Minimum allowed time period of six months | ||
|- style="background-color: #E8E27A;" | |- style="background-color: #E8E27A;" | ||
| [[#Content Security Policy|<span style="color: black;">Content Security Policy</span>]] | | [[#Content Security Policy|<span style="color: black;">Content Security Policy</span>]] |
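Review bot: In the "Redirections from HTTP" row, the requirement cell says "Mandatory" while the notes cell uses "must redirect to HTTPS" for websites and only "should disable HTTP entirely" for API endpoints, so a reader cannot tell whether disabling HTTP on APIs is itself mandatory. Suggest wording both halves at the same strength, or splitting the note so the label matches each case. The "Public Key Pinning" row has a similar tension: "Mandatory for critical risk sites only" sits next to "Not recommended for most sites", so it would help to say what qualifies as a critical risk site or link to where that is defined.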