🔒 NASAGOVAPINASA
Secure Server with Complete Protection
🔐 HTTPS/2
🛡️ HSTS
⚡ Rate Limiting
🚫 X-Frame-Options
🔄 CSP
$ curl -I https://nasagovapinasa.dpdns.org | grep -i hsts
strict-transport-security: max-age=31536000; includeSubDomains; preload
✅ HSTS ACTIVE - Browsers will enforce HTTPS for 1 year!
🔐 HSTS Status
Active (max-age=31536000, includeSubDomains, preload)
🛡️ Rate Limiting
5 requests/second per IP
🚫 X-Frame-Options
SAMEORIGIN
📋 X-Content-Type-Options
nosniff
🛡️ X-XSS-Protection
1; mode=block
🌐 Referrer-Policy
strict-origin-when-cross-origin
📱 Permissions-Policy
geolocation=(), microphone=(), camera=()
🔍 Content-Security-Policy
Active via Meta Tag
📋 Active Security Headers:
- Strict-Transport-Security (HSTS) - max-age=31536000; includeSubDomains; preload
- X-Frame-Options - SAMEORIGIN (Prevents clickjacking)
- X-Content-Type-Options - nosniff (Prevents MIME sniffing)
- X-XSS-Protection - 1; mode=block (XSS protection)
- Referrer-Policy - strict-origin-when-cross-origin
- Permissions-Policy - Restricts sensitive features
- Content-Security-Policy - Restricts content sources
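
The header values listed above can be checked mechanically against a saved `curl -sI` response. This is an added example, not part of the original page or the site's own tooling; `header_value`, `audit_headers` and the `SAMPLE_HEADERS` input are hypothetical names and constructed data.

```sh
# Added example. SAMPLE_HEADERS is constructed, not captured from the live site.
SAMPLE_HEADERS='HTTP/2 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
permissions-policy: geolocation=(), microphone=(), camera=()'

# Print the value of header $1 (name matched case-insensitively) from stdin.
header_value() {
  awk -v name="$1" '{ sub(/\r$/, "") }
    tolower(substr($0, 1, length(name) + 1)) == (tolower(name) ":") {
      v = substr($0, length(name) + 2); sub(/^[ \t]+/, "", v); print v; exit }'
}

# Read response headers on stdin, print one FAIL line per deviation from the
# values listed on the page, and succeed only when there are none.
# CSP is not checked here: the page delivers it via a meta tag, not a header.
audit_headers() (
  hdrs=$(cat); fails=0
  fail() { echo "FAIL $1"; fails=$((fails + 1)); }
  expect() {
    got=$(printf '%s\n' "$hdrs" | header_value "$1")
    [ "$got" = "$2" ] || fail "$1: got '${got:-<missing>}', want '$2'"
  }
  # HSTS is checked per directive so ordering and case do not matter.
  hsts=$(printf '%s\n' "$hdrs" | header_value strict-transport-security |
    tr 'A-Z' 'a-z' | tr -d ' ')
  age=$(printf '%s\n' "$hsts" | tr ';' '\n' |
    sed -n 's/^max-age=\([0-9][0-9]*\)$/\1/p' | head -n 1)
  [ "${age:-0}" -ge 31536000 ] || fail "HSTS max-age under 1 year: '${age:-<missing>}'"
  for d in includesubdomains preload; do
    case ";$hsts;" in *";$d;"*) ;; *) fail "HSTS lacks $d" ;; esac
  done
  expect x-frame-options "SAMEORIGIN"
  expect x-content-type-options "nosniff"
  expect x-xss-protection "1; mode=block"
  expect referrer-policy "strict-origin-when-cross-origin"
  expect permissions-policy "geolocation=(), microphone=(), camera=()"
  [ "$fails" -eq 0 ]
)

# Offline run on the sample; for a live check pipe `curl -sI <url>` in instead.
printf '%s\n' "$SAMPLE_HEADERS" | audit_headers && echo "all listed headers OK"
```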
⚠️ Testing HSTS in the Browser:
1. Open chrome://net-internals/#hsts in Chrome/Edge
2. In the "Query HSTS/PKP domain" section, enter: nasagovapinasa.dpdns.org
3. Click "Query" - the HSTS information should appear
4. Or use: hstspreload.org
✅ Rate Limiting Test:
To test rate limiting, run this command from another terminal:
for i in {1..20}; do
curl -I https://nasagovapinasa.dpdns.org/ -w "%{http_code}\n" -o /dev/null -s
sleep 0.1
done
The 6th request onward will get HTTP 503 (Rate Limited)