A user account is required in order to edit this wiki, but we've had to disable public user registrations due to spam.
To request an account, ask an autoconfirmed user on Chat (such as one of these permanent autoconfirmed members).
TLS
Jump to navigation
Jump to search
TLS
- Integrity of content (no tampering possible)
- Protection of end user credentials
- Increased confidentiality (not perfect; domain is leaked, traffic analysis can still tell a great deal)
- Access to new platform features
- Service workers
- Push API
- Subresource Integrity
- requestAutocomplete()
- WebRTC (maybe)
- Web Crypto (only Chrome requires TLS for now)
- Hopefully getUserMedia() and geolocation down the line (mistakenly allowed, will probably have non-TLS deprecation period before disabling there)
- Reduced problems with proxy traversal
- Tim Bray on why privacy should be on by default
- HTTPS is a ranking signal for Google
- Indie Web Camp on HTTPS
- How to switch to HTTPS for free
- Mozilla recommended server configurations
HSTS
- TLS: deploy HSTS TL;DR without HSTS your TLS deployment is not worth much
- https://www.eff.org/deeplinks/2014/02/websites-hsts