zio-http icon indicating copy to clipboard operation
zio-http copied to clipboard

Published 20 hours ago verified publisher icon zio

Add Support for Strict-Transport-Security (STS) Header

Open Saturn225 opened this issue 5 months ago • 0 comments

The Strict-Transport-Security (STS) header enforces secure HTTPS connections by instructing browsers to avoid using HTTP. Implementing the STS header in ZIO-HTTP would enhance security by preventing man-in-the-middle attacks and ensuring that communication remains encrypted.

Key Requirements:

  1. Implement support for the Strict-Transport-Security header.
  2. Support max-age, includeSubDomains and preload directives.
  3. Add tests to ensure compliance with the HTTP specifications regarding the STS header

Reference: https://datatracker.ietf.org/doc/html/rfc6797

Saturn225 avatar Sep 26 '24 08:09 Saturn225