HSTS Priming
Implementation Report for WebAppSec
November 2017
Observation:
Problem:
Idea:
Why HSTS Priming?
In a Nutshell:
Principle Approach
Fundamental Algorithm (Phase 1)
Fundamental Algorithm (Phase 2)
Priming is capable of upgrading 0,6% of mixed content loads
HSTS Priming Requests (Firefox Beta, Sept. 20th - October 3rd, 2017
Evaluation - Effectiveness
Success: Median 683ms
Failure: Median: 1,223ms
Evaluation - Performance
Evaluation - Engineering Effort
Take Away