HTTPS
• Service Workers
• getUserMedia
• Push Notifications
• App Cache
• Encrypted Media Extensions
• Geo Location
• HTTP/2
For more information, see: https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features
( ) HTTPS
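Client -> Server: GET / HTTP/1.1
Server -> Client: HTTP/1.1 301 Moved Permanently
                  Location: https://bob-site.com
TLS Handshake:
  Client -> Server: Client Hello
  Server -> Client: Server Hello, Certificate
  Client -> Server: Client Finished
  Server -> Client: Server Finished
Client -> Server: GET / HTTP/1.1 (secure connection)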
HTTP Strict Transport Security (HSTS)
Strict-Transport-Security: max-age=2592000; includeSubDomains
“HTTPS HTTPS .”
TLS
Client -> Server: GET / HTTP/1.1
Server -> Client: HTTP/1.1 301 Moved Permanently
                  Location: https://bob-site.com
TLS Handshake:
  Client -> Server: Client Hello (with session id)
  Server -> Client: Server Hello, Certificate
  Client -> Server: Client Finished
  Server -> Client: Server Finished
Client -> Server: GET / HTTP/1.1 (secure connection)
TLS False Start
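Client -> Server: GET / HTTP/1.1
Server -> Client: HTTP/1.1 301 Moved Permanently
                  Location: https://bob-site.com
TLS Handshake:
  Client -> Server: Client Hello
  Server -> Client: Server Hello, Certificate
  Client -> Server: Client Finished
  Server -> Client: Server Finished
Client -> Server: GET / HTTP/1.1 (secure connection)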
GET / HTTP/1.1
HTTP/1.1 301 Moved Permanently
Location: https://charlieschats.com
GET / HTTP/1.1
<link rel="canonical" href="https://charlieschats.com">
developers.google.com/web/fundamentals/security/encrypt-in-transit/
(CSP) developers.google.com/web/fundamentals/security/csp/
(Mixed) developers.google.com/web/fundamentals/security/prevent-mixed-content/