Security/FirefoxOperations: Difference between revisions

Line 81: Line 81:
* [ ] Set HSTS to 31536000 (1 year)
* [ ] Set HSTS to 31536000 (1 year)
   * `strict-transport-security: max-age=31536000`
   * `strict-transport-security: max-age=31536000`
   * [ ] If the service is not hosted under `services.mozilla.com`, it must be manually added to [Firefox's preloaded pins](https://dxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json#184).
   * [ ] If the service is not hosted under `services.mozilla.com`, it must be manually added to [Firefox's preloaded pins](https://dxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json#184). This only applies to production services, not short-lived experiments.
* If service has an admin panels, it must:
* If service has an admin panels, it must:
   * [ ] only be available behind Mozilla VPN (which provides MFA)
   * [ ] only be available behind Mozilla VPN (which provides MFA)
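Review bot: the sentence added to the preloaded pins item, "This only applies to production services, not short-lived experiments", leaves the scope of "This" unclear. Because the item is nested under the HSTS checkbox, it can be read as exempting experiments from the `strict-transport-security` header itself rather than only from the manual preload step. Suggest naming the subject explicitly, for example "The preload requirement only applies to production services", and stating what qualifies as a short-lived experiment so the exemption cannot be claimed loosely. Separately, the link in the same item targets a fixed line (`#184`) of `PreloadedHPKPins.json`, which will point at the wrong entry once that file changes.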