https://codereview.doctor/features/django/best-practice/http-strict-transport-security
https://learndjango.com/tutorials/django-best-practices-security#:~:text=The%20SECURE_HSTS_SECONDS%20setting%20is%20set,month%2C%202%2C592%2C000%20seconds%2C%20instead.
Importance of HSTS:
If your website is using HTTPS, then it is likely that your website redirects HTTP to HTTPS (if not, it should). However, a Man In The Middle attack can intercept the initial HTTP request and instead serve the user a malicious webpage that looks like your website. SECURE_HSTS_SECONDS reduces the chance of that because the browser will simply refuse to make plain HTTP requests to your website.
The SECURE_HSTS_SECONDS setting is set to 0 by default, but the greater the value, the better for security purposes. A good default is to set it to one month, 2,592,000 seconds.
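To make the effect of the setting concrete, the following is an added example (not code from the page, from codereview.doctor or from Django itself) that re-implements, without needing Django installed, the way Django's SecurityMiddleware turns the SECURE_HSTS_* settings into a Strict-Transport-Security header. The setting names are real Django settings; the two settings dicts, the `ONE_MONTH` constant, and the `deployment_warnings` helper are constructed for this example.

```python
"""Stand-alone illustration of how Django's SecurityMiddleware turns the
SECURE_HSTS_* settings into a Strict-Transport-Security header.

Example code, not Django's own implementation: the header-building logic is
re-implemented here so the file runs without Django installed. The setting
names are real Django settings; the two settings dicts and the
deployment_warnings helper are constructed for this example.
"""

ONE_MONTH = 2_592_000  # 30 days in seconds, the value recommended above

# Django's defaults: HSTS is off, so even an HTTPS response carries no HSTS header.
WEAK_SETTINGS = {
    "SECURE_SSL_REDIRECT": False,
    "SECURE_HSTS_SECONDS": 0,
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": False,
    "SECURE_HSTS_PRELOAD": False,
}

# A hardened production configuration (constructed for the example).
HARDENED_SETTINGS = {
    "SECURE_SSL_REDIRECT": True,
    "SECURE_HSTS_SECONDS": ONE_MONTH,
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": True,
    "SECURE_HSTS_PRELOAD": False,  # enable only once you intend to submit to the preload list
}


def hsts_header(settings, is_secure):
    """Return the Strict-Transport-Security value, or None when it must not be sent.

    Mirrors SecurityMiddleware: the header is emitted only when
    SECURE_HSTS_SECONDS is non-zero and the request arrived over HTTPS
    (browsers ignore an HSTS header received over plain HTTP).
    """
    max_age = settings.get("SECURE_HSTS_SECONDS", 0)
    if not is_secure or not max_age:
        return None
    value = f"max-age={max_age}"
    if settings.get("SECURE_HSTS_INCLUDE_SUBDOMAINS"):
        value += "; includeSubDomains"
    if settings.get("SECURE_HSTS_PRELOAD"):
        value += "; preload"
    return value


def deployment_warnings(settings):
    """Return the problems a reviewer would flag in these settings.

    Hypothetical helper in the spirit of `manage.py check --deploy`:
    it flags a missing HTTP-to-HTTPS redirect, a disabled HSTS header,
    and an HSTS lifetime shorter than the one month recommended above.
    """
    problems = []
    if not settings.get("SECURE_SSL_REDIRECT"):
        problems.append("SECURE_SSL_REDIRECT is off: plain-HTTP requests are not redirected to HTTPS")
    seconds = settings.get("SECURE_HSTS_SECONDS", 0)
    if seconds == 0:
        problems.append("SECURE_HSTS_SECONDS is 0: no HSTS header, the first HTTP request can be intercepted")
    elif seconds < ONE_MONTH:
        problems.append(f"SECURE_HSTS_SECONDS={seconds} is shorter than the recommended one month")
    return problems


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(name, "https header:", hsts_header(cfg, is_secure=True))
        print(name, "http  header:", hsts_header(cfg, is_secure=False))
        for problem in deployment_warnings(cfg):
            print("  WARNING:", problem)
```

Running the script prints no header at all for the default settings and `max-age=2592000; includeSubDomains` for the hardened ones, and shows that even the hardened configuration sends nothing over plain HTTP, which is why SECURE_SSL_REDIRECT matters alongside SECURE_HSTS_SECONDS: the redirect gets the browser onto HTTPS once, and the header keeps it there for the next month.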