April King april
🔒
april
/ gist:ffe26e20d684d2c6d83e23222bb5276f
Created
October 12, 2016 21:27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Package: nginx | |
| Version: 1.11.5-1~xenial | |
| Architecture: amd64 | |
| Maintainer: Sergey Budnevitch <[email protected]> | |
| Installed-Size: 2526 | |
| Depends: libc6 (>= 2.14), libpcre3, libssl1.0.0 (>= 1.0.2~beta3), zlib1g (>= 1:1.1.4), lsb-base, adduser | |
| Provides: httpd | |
| Filename: pool/nginx/n/nginx/nginx_1.11.5-1~xenial_amd64.deb | |
| Size: 746510 | |
| MD5sum: b09028b4f946fadd18ba75651a336495 |
april
/ ansible.yml
Last active
October 12, 2016 22:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: web | |
| become: true | |
| become_user: root | |
| tasks: | |
| - name: Install nginx signing key | |
| apt_key: url=https://nginx.org/keys/nginx_signing.key state=present | |
| - name: Add nginx binary repository | |
| apt_repository: repo='deb https://nginx.org/packages/mainline/ubuntu {{ ansible_distribution_release }} nginx' state=present | |
| - name: Add nginx source repository |
april
/ gist:0f6a1fa0283f2e9e3e916d1dad7aff48
Created
September 13, 2016 18:50
frame-ancestors use amongst the Alexa Top 1M, April 2016
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| asstr.org: frame-ancestors self https://*.asstr.org | |
| cottontraders.com: frame-ancestors 'self' | |
| fishtanksdirect.com: frame-ancestors 'self' | |
| extremeshok.com: frame-ancestors 'self' webshok.com *.webshok.com extremeshok.com *.extremeshok.com | |
| bitdefender.de: frame-ancestors 'self' https://bitdefender.marketing.adobe.com | |
| ogilvydo.com: frame-ancestors ogilvyonelp.asiadigitalhub.com ogilvy.com.my www.ogilvy.com.my ogilvyone.asia www.ogilvyone.asia customerengagement.com www.customerengagement.com bitcast-a.v1.hkg1.bitgravity.com www.ogilvydo.com | |
| bostonheatingsupply.com: frame-ancestors 'self' | |
| scottradeinvestmentmanagement.com: frame-ancestors https://*.scottrade.com | |
| hastrk2.com: frame-ancestors 'self' https://*.google.com https://*.googleusercontent.com https://editionsatplay.withgoogle.com https://livecase.withgoogle.com | |
| toysrus.co.uk: frame-ancestors 'self' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http_observatory=# select result, count(result) from tests where name='x-frame-options' group by result; | |
| result | count | |
| -------------------------------------+-------- | |
| x-frame-options-not-implemented | 887643 | |
| x-frame-options-sameorigin-or-deny | 66073 | |
| x-frame-options-implemented-via-csp | 916 | |
| x-frame-options-header-invalid | 3463 | |
| x-frame-options-allow-from-origin | 312 |
april
/ gist:0d88fce62fa8a860d14b4a33dcf74a17
Created
August 10, 2016 20:35
Most popular HSTS max-age values where preload is set
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| max_age | count | |
| --------------+------- | |
| 63072000 | 893 | |
| 31536000 | 862 | |
| 15552000 | 505 | |
| 0 | 209 | |
| 15768000 | 119 | |
| 10886400 | 86 | |
| 2592000 | 83 | |
| 16000000 | 31 |
april
/ gist:eb756a7899becce19f619910f019039e
Last active
September 30, 2016 21:40
Alexa Top 1M with HSTS, April 2016, ordered by max-age frequency
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| max_age | count | |
| --------------+------- | |
| 31536000 | 9222 | |
| 15552000 | 3445 | |
| 63072000 | 1622 | |
| 15768000 | 1582 | |
| 0 | 891 | |
| 300 | 482 | |
| 16070400 | 366 | |
| 2592000 | 350 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name site.mozilla.org; | |
| location / { | |
| return 301 https://$server_name$request_uri; | |
| } | |
| location /twohundredinator { | |
| access_log off; |
april
/ Totem Cycle
Last active
June 5, 2016 03:23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hedron Totem -- 2C | |
| Artifact Creature — Golem | |
| Defender | |
| {name} is indestructible as long as you control another nonland, colorless permanent. | |
| Colorless spells cost {1} less to cast. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ❯ httpobs -r ssllabs.com | |
| Score: 35 [D-] | |
| Modifiers: | |
| [ -5] Initial redirection from http to https is to a different host, preventing HSTS | |
| [ -5] X-Content-Type-Options header not implemented | |
| [ -10] X-XSS-Protection header not implemented | |
| [ -20] X-Frame-Options (XFO) header not implemented | |
| [ -25] Content Security Policy (CSP) header not implemented |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ httpobs garron.net | |
| Score: 45 [D+] | |
| Modifiers: | |
| [ +5] Preloaded via the HTTP Strict Transport Security (HSTS) preloading process | |
| [ -5] X-Content-Type-Options header not implemented | |
| [ -10] X-XSS-Protection header not implemented | |
| [ -20] X-Frame-Options (XFO) header not implemented | |
| [ -25] Content Security Policy (CSP) header not implemented | |
| $ httpobs pokeinthe.io |