RE: HTTPS Pinning

2019-06-07 Thread Reinis Rozitis
> Andreas,
>
> Do you know of any large, high traffic sites that are using HSTS today?
>
> Peter
>
For Chrome (Chromium) you can view the preload HSTS list here:
https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json
google / twitter / paypal to

Re: HTTPS Pinning

2019-06-07 Thread A. Schulze
On 07.06.19 at 16:22, Peter Booth via nginx wrote:
> Do you know of any large, high traffic sites that are using HSTS today?

echo "debian.org ietf.org web.de gmx.net posteo.de mailbox.org andreasschulze.de paypal.com" \
| while read -r high_traffic_s

Re: HTTPS Pinning

2019-06-07 Thread Peter Booth via nginx
Andreas,

Do you know of any large, high traffic sites that are using HSTS today?

Peter

> On Jun 5, 2019, at 12:56 PM, A. Schulze wrote:
>
> On 05.06.19 at 14:54, Sathish Kumar wrote:
>> Hi Team,
>>
>> We would like to fix the HTTPS pinning vuln

Re: HTTPS Pinning

2019-06-07 Thread Richard Stanway via nginx
In the context of a mobile app, pinning usually means checking the public key of the server in your app matches what is expected. There is nothing to configure server-side. If you change the private key used by your SSL certificate, then your app will break. Renewing an SSL certificate doesn't usua

Re: HTTPS Pinning

2019-06-05 Thread A. Schulze
On 05.06.19 at 14:54, Sathish Kumar wrote:
> Hi Team,
>
> We would like to fix the HTTPS pinning vulnerability on our Nginx and Mobile
> application Android/iOS. If I enable on Nginx, do we need to add the pinning
> keys on our application and have to rotate the pinning keys

HTTPS Pinning

2019-06-05 Thread Sathish Kumar
Hi Team,

We would like to fix the HTTPS pinning vulnerability on our Nginx and Mobile application Android/iOS. If I enable on Nginx, do we need to add the pinning keys on our application and have to rotate the pinning keys every time the SSL cert is renewed?

Please advise