HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps protect HTTPS websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with them over secure HTTPS connections,〔HTTPS refers to HTTP layered over TLS/SSL. Such secured HTTP connections are denoted by the URI scheme name "https", and this protocol stack is often colloquially referred to as the "HTTPS protocol".〕 and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797. The HSTS policy is communicated by the server to the user agent via an HTTP response header field named "Strict-Transport-Security".

== Specification history ==

The HSTS specification was published as RFC 6797 on 19 November 2012, after being approved on 2 October 2012 by the IESG for publication as a Proposed Standard RFC.〔Protocol Action: 'HTTP Strict Transport Security (HSTS)' to Proposed Standard (draft-ietf-websec-strict-transport-sec-14.txt)〕 The authors originally submitted it as an Internet-Draft on 17 June 2010. With the conversion to an Internet-Draft, the specification name was changed from "Strict Transport Security" (STS) to "HTTP Strict Transport Security", because the specification applies only to HTTP. (Note: the HTTP response header field defined in the HSTS specification remains named "Strict-Transport-Security".)
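As an added example of the mechanism described in the lead paragraph (this is not code from the Wikipedia article or from any browser), the following Python models the user-agent side of HSTS as RFC 6797 specifies it: it parses the Strict-Transport-Security header, including the max-age and includeSubDomains directives that the article itself does not list, ignores the header when it arrives over plain HTTP, remembers the host for max-age seconds, and rewrites later http:// URLs for that host (and, with includeSubDomains, its subdomains) to https:// so the request, and any session cookie on it, never leaves in cleartext. The host names, header values and clock values are constructed sample data.

```python
# Added illustrative example, not browser source code: a minimal RFC 6797 HSTS store.
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import urlsplit, urlunsplit


@dataclass(frozen=True)
class HstsPolicy:
    max_age: int              # seconds the policy stays in force
    include_subdomains: bool  # True when the includeSubDomains directive is present


def parse_sts_header(value: str) -> Optional[HstsPolicy]:
    """Parse one Strict-Transport-Security field value (RFC 6797 section 6.1).

    Directives are ';'-separated and case-insensitive, each may appear only once,
    max-age is required, includeSubDomains takes no value, and unknown directives
    (e.g. 'preload') are ignored. A non-conforming value must be ignored by the
    UA, so None is returned for it.
    """
    max_age, include_subdomains, seen = None, False, set()
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:                      # the grammar allows empty directive slots
            continue
        name, has_value, val = raw.partition("=")
        name, val = name.strip().lower(), val.strip()
        if name in seen:                 # duplicated directive: whole header invalid
            return None
        seen.add(name)
        if name == "max-age":
            if len(val) >= 2 and val[0] == val[-1] == '"':
                val = val[1:-1]          # quoted-string form is permitted
            if not (has_value and val.isascii() and val.isdigit()):
                return None
            max_age = int(val)
        elif name == "includesubdomains":
            if has_value:
                return None
            include_subdomains = True
    return None if max_age is None else HstsPolicy(max_age, include_subdomains)


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class HstsStore:
    """Known-HSTS-host cache; `now` is injectable so expiry can be exercised."""

    def __init__(self, now: Callable[[], float]):
        self._now = now
        self._hosts: dict[str, tuple[float, bool]] = {}  # host -> (expires_at, includeSubDomains)

    def observe_response(self, url: str, headers: list[tuple[str, str]]) -> None:
        """Note a policy from a response (RFC 6797 section 8.1): ignored unless the
        response came over https and the host is a domain name; only the first STS
        header is processed; max-age=0 tells the UA to forget the host."""
        parts = urlsplit(url)
        host = parts.hostname
        if parts.scheme != "https" or host is None or _is_ip_literal(host):
            return
        sts = [v for k, v in headers if k.lower() == "strict-transport-security"]
        policy = parse_sts_header(sts[0]) if sts else None
        if policy is None:
            return
        if policy.max_age == 0:
            self._hosts.pop(host, None)
        else:
            self._hosts[host] = (self._now() + policy.max_age, policy.include_subdomains)

    def is_known_hsts_host(self, host: str) -> bool:
        """Exact match, or a superdomain match whose policy has includeSubDomains."""
        now, labels = self._now(), host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self._hosts.get(candidate)
            if entry is None:
                continue
            expires_at, include_subdomains = entry
            if expires_at <= now:
                del self._hosts[candidate]          # policy has lapsed
            elif i == 0 or include_subdomains:
                return True
        return False

    def rewrite(self, url: str) -> str:
        """URI rewriting of RFC 6797 section 8.3: http -> https; an explicit :80 is
        dropped (i.e. becomes 443), any other explicit port is kept, none is added."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname or not self.is_known_hsts_host(parts.hostname):
            return url
        netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def demo() -> dict[str, str]:
    """Constructed scenario: the same header is ignored over HTTP but honoured over
    HTTPS, after which http:// requests for the host and its subdomains are upgraded."""
    clock = [1_000.0]
    store = HstsStore(now=lambda: clock[0])
    hdr = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")]
    store.observe_response("http://example.com/", hdr)          # insecure transport: ignored
    out = {"after_http": store.rewrite("http://example.com/login")}
    store.observe_response("https://example.com/", hdr)         # secure transport: noted
    out["after_https"] = store.rewrite("http://example.com/login")
    out["subdomain_port"] = store.rewrite("http://www.example.com:8080/a?b=1")
    out["explicit_80"] = store.rewrite("http://example.com:80/")
    out["other_host"] = store.rewrite("http://example.net/")
    clock[0] += 31536001                                         # one second past max-age
    out["expired"] = store.rewrite("http://example.com/login")
    store.observe_response("https://example.com/", hdr)
    store.observe_response("https://example.com/", [("Strict-Transport-Security", "max-age=0")])
    out["max_age_zero"] = store.rewrite("http://example.com/login")
    return out
```

Two points the example makes concrete: a policy only ever enters the store via a response received over HTTPS, so an attacker on the path cannot inject or shorten one over cleartext; and the very first request to a host the store has never seen still goes out over HTTP, which is the gap browser preload lists (the `preload` directive the parser skips as unknown) exist to close.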
The last so-called "community version" of the then-named "STS" specification was published on 18 December 2009, with revisions based on community feedback.〔Strict Transport Security -06〕 The original draft specification by Jeff Hodges〔Jeff Hodges's homepage〕 of PayPal, Collin Jackson〔Collin Jackson's homepage〕 and Adam Barth〔Adam Barth's homepage〕 was published on 18 September 2009.〔Strict Transport Security -05〕 The HSTS specification is based on original work by Jackson and Barth described in their paper "ForceHTTPS: Protecting High-Security Web Sites from Network Attacks".〔ForceHTTPS: Protecting High-Security Web Sites from Network Attacks〕 Additionally, HSTS is the realization of one facet of an overall vision for improving web security put forward by Jeff Hodges and Andy Steingruebl in their 2010 paper ''The Need for Coherent Web Security Policy Framework(s)''.

Excerpt source: Wikipedia, the free encyclopedia. Read the full article "HTTP Strict Transport Security" on Wikipedia.