ssleuth icon indicating copy to clipboard operation
ssleuth copied to clipboard

Published 20 hours ago verified publisher icon sibiantony

Add HSTS and HPKP

Open ghost opened this issue 9 years ago • 9 comments

It would be good to also check whether the server is using HTTP Strict Transport Security and [HTTP Public Key Pinning](HTTP Public Key Pinning).

ghost avatar May 24 '15 13:05 ghost

This would be a fine addition.

tr37ion avatar May 27 '15 10:05 tr37ion

Indeed, this is in the roadmap. Please expect some delay, too busy right now.

sibiantony avatar May 28 '15 16:05 sibiantony

Great, thanks for your work.

tr37ion avatar May 28 '15 22:05 tr37ion

When will this be implemented? HSTS shouldn't be too difficult to implement

ghost avatar Mar 27 '16 11:03 ghost

@ekaris at the moment I'm looking to bring in e10s support in my spare time. I hope to complete it before mid 2016. As soon as that is done, I can incorporate other features like this. But PRs are always welcome!

sibiantony avatar Mar 29 '16 17:03 sibiantony

I can try to see if I can do this, it doesn't look much effort, just check if header is present

ghost avatar Mar 29 '16 17:03 ghost

@ekaris just saw you put a PR at https-everywhere, so would urge you to fork and make a PR for this as well. Maybe something that could be built as an experimental mode - wdyt @sibiantony

shirishag75 avatar Dec 19 '16 21:12 shirishag75

I'm going to leave this to the dev since the addon would need to be rewritten using WebExtensions next year to continue to work.

ghost avatar Dec 21 '16 16:12 ghost

We'll see. I'd say Mozilla can't stick to the schedule, when we see how much the e10s project has already been delayed, because of incompatible add-ons.

rugk avatar Dec 21 '16 20:12 rugk