#21418: New Tor Browser http response header, for high security websites --------------------------------------+-------------------------- Reporter: micahlee | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------+--------------------------
Comment (by micahlee): Tom, that's a very good point about how after the attacker hacks a web server they can change the response headers. It seems like, to accomplish this for SecureDrop servers, Tor Browser would have to bundle some sort of Tor-High-Security preload list of domains, similar to the HSTS preload list. And, of course, start maintaining that list. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21418#comment:5> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs