evercookie icon indicating copy to clipboard operation
evercookie copied to clipboard

Published 20 hours ago verified publisher icon samyk

HSTS Cookie

Open Frige1 opened this issue 5 years ago • 1 comments

Hey, maybe i missunderstand but can someone explain me the usage of the hsts cookie?

Options: hsts: true, hsts_domains: ['/php/hsts_cookie.php','',''], for example a 4?

or how i have to setup the domains? What i have to do for the hsts_domains[]?

Frige1 avatar Sep 25 '18 08:09 Frige1

A year later, but hey better than never: hsts_domains needs to be an array containing the path to multiple urls to /php/hsts_cookie.php or equivalent server side script, each on its own domain. I.e something like ['http://hsts1.foo.com/hsts_cookie.php', 'http://hsts2.foo.com/hsts_cookie.php', 'http://hsts3.foo.com/hsts_cookie.php', ....]

Each domain can store one bit of information. So if you want to store a 32bit integer you'd need 32 domains, or a wildcard domain. (Nowadays easy to get from letsencrypt)

SleepProgger avatar Oct 31 '19 00:10 SleepProgger