Actions
Feature #480
closedDisable HSTS
Start date:
07/24/2019
Due date:
% Done:
0%
Estimated time:
Description
https://stackoverflow.com/questions/37379933/does-androids-webview-support-hsts
https://developer.android.com/training/articles/security-config.html
HSTS provides no benefit for Privacy Browser because it defaults to HTTPS.
However, it has the negative privacy consequence of creating a list of all the websites that a user has visited and storing that list in WebView's cache.
This cache is wiped out whenever Clear and Exit is run with the default settings, but it makes sense to me to disable the storage of such information in the first place.
Updated by Soren Stoutner over 5 years ago
Information about the fingerprinting possibilities of HSTS can be found at https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security#Privacy_issues.
Updated by Soren Stoutner over 5 years ago
- Status changed from New to Closed
Actions