Strict Transport Security (STS) went live on PayPal yesterday.

STS is a simple yet effective system for web sites requiring high safety levels, e.g. payment gateways or financial institutions, to force HTTPS connections on every request originated by supporting browsers.

It is currently supported by NoScript, Chrome 4 beta and Sid Stamm's Force TLS.

Together with NoScript's anti-XSS protection, this feature makes PayPal a much safer service for NoScript users.

5 Responses to “PayPal is Safer with NoScript”

  1. #1 Alan Baxter says:

    Does it hurt anything if I continue to force *.paypal.com using the NoScript Force HTTPS facility while never forcing email*.paypal.com?

  2. #2 GµårÐïåñ says:

    Well despite the fact that PayPal totally sucks and I hate having to deal with them at all, it is good news that at least with NoScript they are safer to use. I would still be interested to know about what Alan asked, is it a replacement (or redundant) to using Force HTTPS or can they be used in conjunction? If so, will they cause any issues?

  3. #3 Giorgio says:

    @Alan Baxter:
    No, using the NoScript Options|Advanced|HTTPS stuff doesn't hurt anything on STS-enabled sites.

    Actually, the "normal" (user-driven) HTTPS-enforcing NoScript features can be used to customize STS: for instance, the "never force HTTPS" list does affect STS, allowing you to state user-driven exceptions to the server-driven enforcement.
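
A sketch of what a supporting browser does with STS, including the user-driven "never force HTTPS" exceptions described in comment #3. This is an added example, not code from NoScript or from the original post. The function and class names, the simplified glob matching and the sample policy values are assumptions; the header syntax is the one standardized in RFC 6797.

```javascript
// Added example (not NoScript code); all names here are hypothetical.
// Parse a Strict-Transport-Security value; null if max-age is missing.
function parseSts(value) {
  const policy = { maxAge: null, includeSubDomains: false };
  for (const part of value.split(';')) {
    const [name, raw = ''] = part.split('=');
    const key = name.trim().toLowerCase();
    const val = raw.trim().replace(/^"(.*)"$/, '$1');
    if (key === 'max-age' && /^\d+$/.test(val)) policy.maxAge = Number(val);
    if (key === 'includesubdomains') policy.includeSubDomains = true;
  }
  return policy.maxAge === null ? null : policy;
}

// Simplified glob match ("*" = any run of characters), an assumption here.
function globMatch(glob, host) {
  const re = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  return new RegExp('^' + re + '$', 'i').test(host);
}

class StsStore {
  constructor(neverForce = []) {
    this.hosts = new Map();       // host -> { maxAge, includeSubDomains, expires }
    this.neverForce = neverForce; // user-driven exceptions
  }
  // Record a policy; a header seen over plain HTTP is ignored.
  note(url, headerValue, now = Date.now()) {
    const u = new URL(url), p = parseSts(headerValue);
    if (u.protocol !== 'https:' || !p) return false;
    if (p.maxAge === 0) this.hosts.delete(u.hostname); // max-age=0 clears
    else this.hosts.set(u.hostname, { ...p, expires: now + p.maxAge * 1000 });
    return true;
  }
  // True when host, or a parent with includeSubDomains, has a live policy.
  covered(host, now) {
    const labels = host.split('.');
    return labels.some((_, i) => {
      const e = this.hosts.get(labels.slice(i).join('.'));
      return !!e && e.expires > now && (i === 0 || e.includeSubDomains);
    });
  }
  // Rewrite http:// to https:// unless the user listed an exception.
  upgrade(url, now = Date.now()) {
    const u = new URL(url);
    if (u.protocol !== 'http:' || !this.covered(u.hostname, now)) return url;
    if (this.neverForce.some(g => globMatch(g, u.hostname))) return url;
    u.protocol = 'https:';
    return u.href;
  }
}
```

The exception list is consulted after the server-driven policy, so a host the user has excepted keeps its plain-HTTP URL even while a live STS policy covers it.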

  5. #5 uberVU - social comments says:

    Social comments and analytics for this post

    This post was mentioned on Twitter by planetmozilla: Giorgio Maone: PayPal is Safer with NoScript: Strict Transport Security (STS) has gone live on PayPal yesterday.. http://bit.ly/3YqKe2
