blob: aaac84b199cfb5eb0e560b1ee8c0bc45f6ad1484 [file] [log] [blame]
#domain-security-policy-view-tab-content tt {
word-wrap: break-word;
<!-- HSTS/PKP/Expect-CT tab -->
<div id=domain-security-policy-view-tab-content class=content-box>
<!-- This UI allows a user to query and update the browser's list of
HSTS/PKP/Expect-CT domains. -->
<div class=deindent-header>
HSTS is HTTP Strict Transport Security: a way for sites to elect to
always use HTTPS. See <a href="" target=_blank></a>. PKP is Public Key Pinning: Chrome "pins"
certain public keys for certain sites in official builds.</div>
<h4>Add HSTS domain</h4>
<p>Input a domain name to add it to the HSTS set:</p>
<form id=hsts-view-add-form>
Domain: <input type=text id=hsts-view-add-input type="url"
<label>Include subdomains for STS: <input type="checkbox" id=hsts-view-check-sts-input></label><br>
<input type=submit value="Add" id=hsts-view-add-submit>
<h4>Query HSTS/PKP domain</h4>
<p>Input a domain name to query the current HSTS/PKP set:</p>
<form id=hsts-view-query-form>
Domain: <input type=text id=hsts-view-query-input type="url"
<input type=submit value="Query" id=hsts-view-query-submit>
<div style="margin-top: 1em; margin-left: 2em;" id=hsts-view-query-output></div>
<div class=deindent-header>
Expect-CT allows sites to elect to always require valid Certificate
Transparency information. See
<a href="" target=_blank></a>.</div>
<h4>Add Expect-CT domain</h4>
<p>Input a domain name to add it to the Expect-CT set. Leave Enforce unchecked
to configure Expect-CT in report-only mode.</p>
<form id=expect-ct-view-add-form>
<div><label>Domain: <input type=text id=expect-ct-view-add-input type="url"
<div><label>Report URI (optional):
<input type=text id=expect-ct-view-add-report-uri-input type="url"
<input type="checkbox" id=expect-ct-view-check-enforce-input></label>
<input type=submit value="Add" id=expect-ct-view-add-submit>
<h4>Query Expect-CT domain</h4>
<p>Input a domain name to query the current Expect-CT set:</p>
<form id=expect-ct-view-query-form>
<label>Domain: <input type=text id=expect-ct-view-query-input type="url"
<input type=submit value="Query" id=expect-ct-view-query-submit>
<div style="margin-top: 1em; margin-left: 2em;"
<h4>Send test Expect-CT report</h4>
<p>Trigger a test report to the given report URI. The report will contain a
hostname of "expect-ct-report.test" and dummy data in other fields.</p>
<form id=expect-ct-view-test-report-form>
<label>Report URI: <input type=text id=expect-ct-view-test-report-uri
<input type=submit value="Send" id=expect-ct-view-test-report-submit>
<div style="margin-top: 1em; margin-left: 2em;"
<h3>Delete domain security policies</h3>
Input a domain name to delete its dynamic domain security policies (HSTS
and Expect-CT). (<i>You cannot delete preloaded entries.</i>):
<form id=domain-security-policy-view-delete-form>
<label>Domain: <input type=text id=domain-security-policy-view-delete-input
<input type=submit value="Delete"