HSTS preload

If you have already started using HSTS to force users to your HTTPS website, the use of ‘preload’ is another simple addition as it only requires the addition of the keyword to the header.

Once done, you can either wait for your site to be identified (which can take a long time, or forever for less popular websites) or ideally, submit your hostname to be added to the lists preloaded in many modern browsers. The advantage here is that your users will never make a single request to your HTTP website and will automatically be directed to HTTPS.

An HTTP Header example:

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

Apache2 configuration example:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"


Clear Linux bash history

While having history available with the simple use of the up arrow is a convenience feature common to most linux builds it can come with some risk. One such risk is when you have inadvertently typed a password instead of a command, or had to pipe credentials into a command.

Thankfully, you can clear the entire history with a variety of methods, the most common are below but others are available in the references.

history -c && history -w

cat /dev/null > ~/.bash_history && history -c && exit