Strict Transport Security (STS) went live on PayPal yesterday.
STS is a simple yet effective system for web sites requiring high safety levels, e.g. payment gateways or financial institutions, to force HTTPS connections on every request originated by supporting browsers.
It is currently supported by NoScript, Chrome 4 beta and Sid Stamm's Force TLS.
Together with NoScript's anti-XSS protection, this feature makes PayPal a much safer service for NoScript users.
November 7th, 2009 at 7:38 pm
Does it hurt anything if I continue to force *.paypal.com using the NoScript Force HTTPS facility while never forcing email*.paypal.com?
November 7th, 2009 at 10:35 pm
Well despite the fact that PayPal totally sucks and I hate having to deal with them at all, it is good news that at least with NoScript they are safer to use. I would still be interested to know about what Alan asked, is it a replacement (or redundant) to using Force HTTPS or can they be used in conjunction? If so, will they cause any issues?
November 8th, 2009 at 12:33 am
@Alan Baxter:
No, using the NoScript Options|Advanced|HTTPS stuff doesn't hurt anything on STS-enabled sites.
Actually, the "normal" (user-driven) HTTPS-enforcing NoScript features can be used to customize STS: for instance, the "never force HTTPS" list does affect STS, allowing you to state user-driven exceptions to the server-driven enforcement.