This is a general HTTP security thread for anyone willing to discuss, help newbies or learn more about HTTP security in general.
Who among you is running your own Web server? Do you secure your traffic with TLS and HTTP security headers? Do you enforce a secure connection using HSTS [1]? Do you ensure that user agents pin your server's public certificate with HPKP [2]? Do you enforce content restrictions with CSP [3]?
The following websites help you check your server security:
https://www.ssllabs.com/ssltest/index.html
https://observatory.mozilla.org/
https://securityheaders.io/
Or you can do a basic check yourself using the following tools:
sslscan
sslyze
observatory-cli
[1] https://tools.ietf.org/html/rfc6797
[2] https://tools.ietf.org/html/rfc7469
[3] https://www.w3.org/TR/CSP2/
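A basic offline check of the three headers the opening post asks about, as an added example that is not part of the original post. The function names, the 180-day HSTS threshold and the sample header values (including the placeholder pin) are assumptions made for illustration.

```python
MIN_HSTS_AGE = 15552000  # assumed threshold (180 days); not from the thread

def directives(value):
    """Split an HSTS/HPKP value into (name, value) pairs, names lower-cased."""
    pairs = []
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            pairs.append((name.strip().lower(), val.strip().strip('"')))
    return pairs

def audit_headers(headers):
    """Return findings for HSTS (RFC 6797), HPKP (RFC 7469) and CSP headers."""
    h = {k.lower(): v for k, v in headers.items()}
    out = []
    if "strict-transport-security" not in h:
        out.append("HSTS: header missing")
    else:
        d = dict(directives(h["strict-transport-security"]))
        age = d.get("max-age", "")
        if not age.isdecimal():
            out.append("HSTS: max-age missing or invalid")
        elif int(age) < MIN_HSTS_AGE:
            out.append("HSTS: max-age below %d seconds" % MIN_HSTS_AGE)
        if "includesubdomains" not in d:
            out.append("HSTS: includeSubDomains not set")
    if "public-key-pins" in h:  # HPKP is only validated when it is sent
        pairs = directives(h["public-key-pins"])
        if len({v for n, v in pairs if n == "pin-sha256"}) < 2:
            out.append("HPKP: no backup pin (fewer than two distinct pins)")
        if not dict(pairs).get("max-age", "").isdecimal():
            out.append("HPKP: max-age missing or invalid")
    if "content-security-policy" not in h:
        out.append("CSP: header missing")
    else:
        parts = reversed(h["content-security-policy"].split(";"))  # first occurrence wins
        policy = {t[0].lower(): [s.lower() for s in t[1:]]
                  for t in (p.split() for p in parts) if t}
        if "default-src" not in policy:
            out.append("CSP: no default-src fallback")
        for name in ("default-src", "script-src"):
            if "'unsafe-inline'" in policy.get(name, []):
                out.append("CSP: %s allows 'unsafe-inline'" % name)
    return out

# Constructed sample response; the pin value is a placeholder, not a real hash.
WEAK = {"Strict-Transport-Security": "max-age=3600",
        "Public-Key-Pins": 'pin-sha256="PLACEHOLDER-PRIMARY="; max-age=5184000',
        "Content-Security-Policy": "script-src 'self' 'unsafe-inline'"}
```

Calling `audit_headers(WEAK)` returns five findings: a short HSTS lifetime, no `includeSubDomains`, a single HPKP pin with no backup, no `default-src`, and `'unsafe-inline'` in `script-src`.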
>>60755152
Don't use HTTP
Use HTTPS
>>60755437
You're still using HTTP with HTTPS, anon. HTTPS is merely HTTP over an encrypted connection.
>>60755525
which is secure
>>60755546
Do you have anything to contribute to this thread?
>>60755603
pointing out OP's tech illiteracy
>>60755608
>What is TLS
>What is HSTS
>What is HPKP
You obviously didn't read the thread very well.
>>60755546
Depends on the cipher suite.