Apple Addresses HSTS User Tracking in WebKit


By Ionut Arghire

Apple has added new protections to the WebKit framework to prevent possible abuse of the HTTP Strict Transport Security (HSTS) security standard to track users.

HSTS offers a mechanism through which web sites declare themselves accessible only via secure connections and direct browsers to where that secure version resides. Basically, when a user attempts to connect to the insecure version of a website, HSTS forces the browser to go to the HTTPS version of the site instead.

<span …read more

Via:: Security Week