@webref/xref 1.0.1 → 1.2.0
- package/README.md +77 -0
- package/ed/dfns/ecmascript.json +2 -2
- package/ed/dfns/encoding.json +20 -0
- package/ed/dfns/picture-in-picture.json +58 -18
- package/ed/dfns/shacl12-rules.json +181 -86
- package/ed/dfns/webdriver-bidi.json +148 -17
- package/ed/dfns/webmcp.json +164 -3
- package/ed/headings/SVG2.json +1 -1
- package/ed/headings/ecmascript.json +1 -1
- package/ed/headings/encoding.json +1 -1
- package/ed/headings/picture-in-picture.json +5 -5
- package/ed/headings/rfc2397.json +33 -9
- package/ed/headings/rfc4120.json +164 -134
- package/ed/headings/rfc6386.json +128 -104
- package/ed/headings/rfc6454.json +62 -38
- package/ed/headings/rfc6455.json +120 -90
- package/ed/headings/rfc6797.json +104 -80
- package/ed/headings/rfc7034.json +52 -28
- package/ed/headings/rfc7239.json +55 -31
- package/ed/headings/rfc7469.json +63 -39
- package/ed/headings/rfc7578.json +54 -30
- package/ed/headings/rfc7932.json +70 -40
- package/ed/headings/rfc8610.json +100 -63
- package/ed/headings/rfc8878.json +97 -88
- package/ed/headings/rfc9163.json +62 -59
- package/ed/headings/rfc9649.json +82 -79
- package/ed/headings/rfc9659.json +33 -30
- package/ed/headings/selectors-5.json +8 -1
- package/ed/headings/shacl12-rules.json +127 -77
- package/ed/headings/webdriver-bidi.json +10 -3
- package/ed/headings/webmcp.json +14 -0
- package/ed/headings/webusb.json +1 -1
- package/ed/headings/webvtt1.json +2 -2
- package/index.js +82 -9
- package/package.json +1 -1
- package/specs.json +28890 -0
- package/tr/dfns/shacl12-rules.json +181 -86
- package/tr/dfns/webdriver-bidi.json +148 -17
- package/tr/dfns/webvtt1.json +82 -95
- package/tr/headings/shacl12-rules.json +127 -77
- package/tr/headings/webdriver-bidi.json +10 -3
- package/tr/headings/webvtt1.json +3 -9
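--- a/package/ed/headings/rfc6797.json
+++ b/package/ed/headings/rfc6797.json
@@ -1,554 +1,578 @@
 {
 "spec": {
-"title": "RFC 6797: HTTP Strict Transport Security (HSTS)",
-"url": "https://www.rfc-editor.org/
+"title": "RFC 6797: HTTP Strict Transport Security (HSTS) | RFC Editor",
+"url": "https://www.rfc-editor.org/info/rfc6797/"
 },
 "headings": [
 {
 "id": "section-1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-1",
 "title": "Introduction",
 "level": 1,
 "number": "1"
 },
 {
 "id": "section-1.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-1.1",
 "title": "Organization of This Specification",
 "level": 2,
 "number": "1.1"
 },
 {
 "id": "section-1.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-1.2",
 "title": "Document Conventions",
 "level": 2,
 "number": "1.2"
 },
 {
 "id": "section-2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2",
 "title": "Overview",
 "level": 1,
 "number": "2"
 },
 {
 "id": "section-2.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.1",
 "title": "Use Cases",
 "level": 2,
 "number": "2.1"
 },
 {
 "id": "section-2.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.2",
 "title": "HTTP Strict Transport Security Policy Effects",
 "level": 2,
 "number": "2.2"
 },
 {
 "id": "section-2.3",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.3",
 "title": "Threat Model",
 "level": 2,
 "number": "2.3"
 },
 {
 "id": "section-2.3.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.3.1",
 "title": "Threats Addressed",
 "level": 3,
 "number": "2.3.1"
 },
 {
 "id": "section-2.3.1.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.3.1.1",
 "title": "Passive Network Attackers",
 "level": 4,
 "number": "2.3.1.1"
 },
 {
 "id": "section-2.3.1.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.3.1.2",
 "title": "Active Network Attackers",
 "level": 4,
 "number": "2.3.1.2"
 },
 {
 "id": "section-2.3.1.3",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.3.1.3",
 "title": "Web Site Development and Deployment Bugs",
 "level": 4,
 "number": "2.3.1.3"
 },
 {
 "id": "section-2.3.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.3.2",
 "title": "Threats Not Addressed",
 "level": 3,
 "number": "2.3.2"
 },
 {
 "id": "section-2.3.2.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.3.2.1",
 "title": "Phishing",
 "level": 4,
 "number": "2.3.2.1"
 },
 {
 "id": "section-2.3.2.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.3.2.2",
 "title": "Malware and Browser Vulnerabilities",
 "level": 4,
 "number": "2.3.2.2"
 },
 {
 "id": "section-2.4",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.4",
 "title": "Requirements",
 "level": 2,
 "number": "2.4"
 },
 {
 "id": "section-2.4.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.4.1",
 "title": "Overall Requirement",
 "level": 3,
 "number": "2.4.1"
 },
 {
 "id": "section-2.4.1.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.4.1.1",
 "title": "Detailed Core Requirements",
 "level": 4,
 "number": "2.4.1.1"
 },
 {
 "id": "section-2.4.1.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-2.4.1.2",
 "title": "Detailed Ancillary Requirements",
 "level": 4,
 "number": "2.4.1.2"
 },
 {
 "id": "section-3",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-3",
 "title": "Conformance Criteria",
 "level": 1,
 "number": "3"
 },
 {
 "id": "section-4",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-4",
 "title": "Terminology",
 "level": 1,
 "number": "4"
 },
 {
 "id": "section-5",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-5",
 "title": "HSTS Mechanism Overview",
 "level": 1,
 "number": "5"
 },
 {
 "id": "section-5.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-5.1",
 "title": "HSTS Host Declaration",
 "level": 2,
 "number": "5.1"
 },
 {
 "id": "section-5.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-5.2",
 "title": "HSTS Policy",
 "level": 2,
 "number": "5.2"
 },
 {
 "id": "section-5.3",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-5.3",
 "title": "HSTS Policy Storage and Maintenance by User Agents",
 "level": 2,
 "number": "5.3"
 },
 {
 "id": "section-5.4",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-5.4",
 "title": "User Agent HSTS Policy Enforcement",
 "level": 2,
 "number": "5.4"
 },
 {
 "id": "section-6",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-6",
 "title": "Syntax",
 "level": 1,
 "number": "6"
 },
 {
 "id": "section-6.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-6.1",
 "title": "Strict-Transport-Security HTTP Response Header Field",
 "level": 2,
 "number": "6.1"
 },
 {
 "id": "section-6.1.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-6.1.1",
 "title": "The max-age Directive",
 "level": 3,
 "number": "6.1.1"
 },
 {
 "id": "section-6.1.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-6.1.2",
 "title": "The includeSubDomains Directive",
 "level": 3,
 "number": "6.1.2"
 },
 {
 "id": "section-6.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-6.2",
 "title": "Examples",
 "level": 2,
 "number": "6.2"
 },
 {
 "id": "section-7",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-7",
 "title": "Server Processing Model",
 "level": 1,
 "number": "7"
 },
 {
 "id": "section-7.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-7.1",
 "title": "HTTP-over-Secure-Transport Request Type",
 "level": 2,
 "number": "7.1"
 },
 {
 "id": "section-7.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-7.2",
 "title": "HTTP Request Type",
 "level": 2,
 "number": "7.2"
 },
 {
 "id": "section-8",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-8",
 "title": "User Agent Processing Model",
 "level": 1,
 "number": "8"
 },
 {
 "id": "section-8.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-8.1",
 "title": "Strict-Transport-Security Response Header Field Processing",
 "level": 2,
 "number": "8.1"
 },
 {
 "id": "section-8.1.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-8.1.1",
 "title": "Noting an HSTS Host - Storage Model",
 "level": 3,
 "number": "8.1.1"
 },
 {
 "id": "section-8.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-8.2",
 "title": "Known HSTS Host Domain Name Matching",
 "level": 2,
 "number": "8.2"
 },
 {
 "id": "section-8.3",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-8.3",
 "title": "URI Loading and Port Mapping",
 "level": 2,
 "number": "8.3"
 },
 {
 "id": "section-8.4",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-8.4",
 "title": "Errors in Secure Transport Establishment",
 "level": 2,
 "number": "8.4"
 },
 {
 "id": "section-8.5",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-8.5",
 "title": "HTTP-Equiv <Meta> Element Attribute",
 "level": 2,
 "number": "8.5"
 },
 {
 "id": "section-8.6",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-8.6",
 "title": "Missing Strict-Transport-Security Response Header Field",
 "level": 2,
 "number": "8.6"
 },
 {
 "id": "section-9",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-9",
 "title": "Constructing an Effective Request URI",
 "level": 1,
 "number": "9"
 },
 {
 "id": "section-9.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-9.1",
 "title": "ERU Fundamental Definitions",
 "level": 2,
 "number": "9.1"
 },
 {
 "id": "section-9.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-9.2",
 "title": "Determining the Effective Request URI",
 "level": 2,
 "number": "9.2"
 },
 {
 "id": "section-9.2.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-9.2.1",
 "title": "Effective Request URI Examples",
 "level": 3,
 "number": "9.2.1"
 },
 {
 "id": "section-10",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-10",
 "title": "Domain Name IDNA-Canonicalization",
 "level": 1,
 "number": "10"
 },
 {
 "id": "section-11",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-11",
 "title": "Server Implementation and Deployment Advice",
 "level": 1,
 "number": "11"
 },
 {
 "id": "section-11.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-11.1",
 "title": "Non-Conformant User Agent Considerations",
 "level": 2,
 "number": "11.1"
 },
 {
 "id": "section-11.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-11.2",
 "title": "HSTS Policy Expiration Time Considerations",
 "level": 2,
 "number": "11.2"
 },
 {
 "id": "section-11.3",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-11.3",
 "title": "Using HSTS in Conjunction with Self-Signed Public-Key",
 "level": 2,
 "number": "11.3"
 },
 {
 "id": "section-11.4",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-11.4",
 "title": "Implications of includeSubDomains",
 "level": 2,
 "number": "11.4"
 },
 {
 "id": "section-11.4.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-11.4.1",
 "title": "Considerations for Offering Unsecured HTTP Services at",
 "level": 3,
 "number": "11.4.1"
 },
 {
 "id": "section-11.4.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-11.4.2",
 "title": "Considerations for Offering Web Applications at Subdomains of",
 "level": 3,
 "number": "11.4.2"
 },
 {
 "id": "section-12",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-12",
 "title": "User Agent Implementation Advice",
 "level": 1,
 "number": "12"
 },
 {
 "id": "section-12.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-12.1",
 "title": "No User Recourse",
 "level": 2,
 "number": "12.1"
 },
 {
 "id": "section-12.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-12.2",
 "title": "User-Declared HSTS Policy",
 "level": 2,
 "number": "12.2"
 },
 {
 "id": "section-12.3",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-12.3",
 "title": "HSTS Pre-Loaded List",
 "level": 2,
 "number": "12.3"
 },
 {
 "id": "section-12.4",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-12.4",
 "title": "Disallow Mixed Security Context Loads",
 "level": 2,
 "number": "12.4"
 },
 {
 "id": "section-12.5",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-12.5",
 "title": "HSTS Policy Deletion",
 "level": 2,
 "number": "12.5"
 },
 {
 "id": "section-13",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-13",
 "title": "Internationalized Domain Names for Applications (IDNA): Dependency",
 "level": 1,
 "number": "13"
 },
 {
 "id": "section-14",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-14",
 "title": "Security Considerations",
 "level": 1,
 "number": "14"
 },
 {
 "id": "section-14.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-14.1",
 "title": "Underlying Secure Transport Considerations",
 "level": 2,
 "number": "14.1"
 },
 {
 "id": "section-14.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-14.2",
 "title": "Non-Conformant User Agent Implications",
 "level": 2,
 "number": "14.2"
 },
 {
 "id": "section-14.3",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-14.3",
 "title": "Ramifications of HSTS Policy Establishment Only over Error-Free",
 "level": 2,
 "number": "14.3"
 },
 {
 "id": "section-14.4",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-14.4",
 "title": "The Need for includeSubDomains",
 "level": 2,
 "number": "14.4"
 },
 {
 "id": "section-14.5",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-14.5",
 "title": "Denial of Service",
 "level": 2,
 "number": "14.5"
 },
 {
 "id": "section-14.6",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-14.6",
 "title": "Bootstrap MITM Vulnerability",
 "level": 2,
 "number": "14.6"
 },
 {
 "id": "section-14.7",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-14.7",
 "title": "Network Time Attacks",
 "level": 2,
 "number": "14.7"
 },
 {
 "id": "section-14.8",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-14.8",
 "title": "Bogus Root CA Certificate Phish plus DNS Cache Poisoning Attack",
 "level": 2,
 "number": "14.8"
 },
 {
 "id": "section-14.9",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-14.9",
 "title": "Creative Manipulation of HSTS Policy Store",
 "level": 2,
 "number": "14.9"
 },
 {
 "id": "section-14.10",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-14.10",
 "title": "Internationalized Domain Names",
 "level": 2,
 "number": "14.10"
 },
 {
 "id": "section-15",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-15",
 "title": "IANA Considerations",
 "level": 1,
 "number": "15"
 },
 {
 "id": "section-16",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-16",
 "title": "References",
 "level": 1,
 "number": "16"
 },
 {
 "id": "section-16.1",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-16.1",
 "title": "Normative References",
 "level": 2,
 "number": "16.1"
 },
 {
 "id": "section-16.2",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#section-16.2",
 "title": "Informative References",
 "level": 2,
 "number": "16.2"
 },
 {
 "id": "appendix-A",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#appendix-A",
 "title": "Design Decision Notes",
 "level": 1,
 "number": "A"
 },
 {
 "id": "appendix-B",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#appendix-B",
 "title": "Differences between HSTS Policy and Same-Origin Policy",
 "level": 1,
 "number": "B"
 },
 {
 "id": "appendix-C",
-"href": "https://www.rfc-editor.org/
+"href": "https://www.rfc-editor.org/info/rfc6797/#appendix-C",
 "title": "Acknowledgments",
 "level": 1,
 "number": "C"
+},
+{
+"id": "in-this-section",
+"href": "https://www.rfc-editor.org/info/rfc6797/#in-this-section",
+"level": 2,
+"title": "In this section"
+},
+{
+"id": "http-strict-transport-security-hsts",
+"href": "https://www.rfc-editor.org/info/rfc6797/#http-strict-transport-security-hsts",
+"level": 1,
+"title": "RFC 6797: HTTP Strict Transport Security (HSTS)"
+},
+{
+"id": "useful-links",
+"href": "https://www.rfc-editor.org/info/rfc6797/#useful-links",
+"level": 2,
+"title": "Useful links"
+},
+{
+"id": "contact-us",
+"href": "https://www.rfc-editor.org/info/rfc6797/#contact-us",
+"level": 2,
+"title": "Contact Us"
 }
 ]
 }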
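Review bot: The four entries added at the end of `headings` (`in-this-section`, `http-strict-transport-security-hsts`, `useful-links`, `contact-us`) look like navigation headings of the RFC Editor page rather than sections of RFC 6797, and unlike every other entry they carry no `number` key. Consumers that resolve cross-references or build a table of contents from this list should not treat them as spec sections; keeping only entries whose `id` starts with `section-` or `appendix-`, or dropping page chrome at extraction time, would keep the data trustworthy. The new `| RFC Editor` suffix on `spec.title` and the `/info/rfc6797/` base on every `href` suggest the extraction source changed, though the old URLs are truncated on this page so that is inferred. It is worth confirming that the `#section-…` fragments still resolve on the new base URL, since links into the HSTS security considerations would otherwise land on the page top without any error.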