I try to remove the address bar on EDGE Win10,
I can remove the address bar by installing a test page as an EDGE app,
but if the page is non-secure HTTP the address bar remains.
As you can see in this test:
test with HTTP and HTTPS
How can I prevent EDGE to insert the non-Secure warning / address bar within specific HTTP contents?
Please note that HTTP content is inside INTRANET as web applications.
I should try regedit first to design the policy later.
Please could you help me about?
You can't hide the address bar in any way if it's through Group Policy or the registry. Also, it is not recommended to do it. Users should see what URL they are browsing. Otherwise, it may cause security issues.
If a website doesn't have a valid certificate. The information sent to and from it is not secure and can be intercepted by an attacker or seen by others. There's a risk to your personal data when sending or receiving information from this site. In my opinion, users should know if a site is at risk to decide whether to continue accessing it. Otherwise,as mentioned above, it may cause security issues.
Therefore I don't think your requirement can be achieved. Maybe you could refer to this doc: Securely browse the web in Microsoft Edge
Here is the screenshot of this.
Few monts ago I deployed my this laravel app in cpanel. But Now when I'm accessing the site it shows me this message... I think it is hacked or malwared added in the app.
Can anyone tells
what are security steps? should I have to follow for deploying the project in cpanel securely...?
How can I protect my app from attackers in cpanel?
What I missed on basic think in my app was APP_DEBUG was false I have to set this to true.
Except this is App_Debug:
Is there any security should I follow...
Or should I have to move shared hosting to dedicating hosting..?
This has nothing to do with your hosting or your APP_DEBUG setting. In fact never set APP_DEBUG to true on a live website this can leak all your environment variables including database credentials to the world
Here's an explanation from the google site:
Social engineering is content that tricks visitors into doing something dangerous, such as revealing confidential information or downloading software. If Google detects that your website contains social engineering content, the Chrome browser may display a "Deceptive site ahead" warning when visitors view your site. You can check if any pages on your site are suspected of containing social engineering attacks by visiting the Security Issues report.
In your case it may be because either (as you said) the website was hacked and this content injected in it or (less likely) there is content you added to the site that Google is interpreting as misleading (either because it is or because it looks like it is even though it is not).
The remedy here is explained by the above linked site (wont include the entire text just a gist but do check the entire Google site):
Check in with Search Console
Remove deceptive content
Check the third-party resources included in your site
Request a review
If your page has been hacked then you should probably just delete everything, change your passwords (all of them) reset the app key and re-deploy it. Also contact your shared hosting provider to tell them what happened in case they need to be aware of any vulnerabilities or credential leaks.
I have a progressive web appliacation. on the home page i have a loging modal. If a user logs in the application reloads and now instead of the login button the server renders the user profile. now the problem am experiencing is that when i implemented the pwa, It caches the homepage and everything in it so the new page from the server is not rendered after the user logs in.
My application backend is in Nodejs(REST API) and is use javascript to consume the api but i use ejs to render the pages. How can i solve this?. For now i decided not to cache the homepage where i have the login modal. After doing this i realized the application is now not meeting PWA installation requirements.
You can cache everything in the service worker.
When you need to display different content for an authenticated user vs unauthenticated user you can render that as needed either in the UI code or even in the service worker.
A common example would be to show/hide the login, logout and profile link in the header. This is all doable with a few lines of code as the page is loaded.
These examples are mostly classList.[add|remove|toggle]. The profile might use a simple template and setting the innerHTML of a wrapper.
It is not that complicated in the end, I do this all the time for applications.
It sounds like you shouldn't configure your service worker to cache your normal HTML. Instead, you can use a service worker that will always go to the network when online, and will display custom "Sorry, you're offline" HTML when there's a navigation request that fails.
Here's a live example of following this pattern:
https://googlechrome.github.io/samples/service-worker/custom-offline-page/
Doing this will is sufficient to meet the "add to homescreen" PWA installation requirements.
In Firefox, enter Options > Privacy & Security > under "Enhanced Tracking Protection" click "Manage Exceptions"
There seems to be no way to add a domain or site to the list of excepted sites (currently the list appears to be empty).
I want to exclude a specific domain from having Tracking blocked (Google reCaptcha is not working and I think this is why). I don't want to just blindly allow all tracking, I want to only allow per site for better security.
I think I found it. In the Firefox address bar click on the Shield icon left of the URL, then click the Toggle for "Enhanced Tracking Protection is ON for this site":
If the site immediately you are trying to unblock redirects to a different site when it detects cookies are blocked, it's very difficult to create an exception. (since you can't stay on that site) In this case, just turn off cookie blocking altogether temporarily so you can visit the first site. Then you can create the exception and turn cookie blocking back on.
Remove all the history in Firefox (delete all cookies), disable all add-ons and plugins, then restart Firefox. Do not go to any site and wait for about 10-15 min. Go to Options->...->Show cookies. You will see cookie named PREF with google.com domain.
1) Can somebody explain how and why this cookie appears?
2) How to get rid of this?
p.s I don't have any google desktop application installed. Firefox google search bar is removed too.
This cookie is coming from Google's safebrowsing api:
google.com/safebrowsing/downloads?client=....
This is a known issue in firefox and there is an open ticket here:
https://bugzilla.mozilla.org/show_bug.cgi?id=368255
EDIT To get rid of it, you can turn off the safebrowsing on the security tab (under Options), by un-checking the boxes to Block attacks and forgeries.
Why does it appear?
As part of Safe Browsing, Web browsers ping Google periodically for
updated lists of potentially dangerous sites. When they do, Google
puts a cookie on the user’s machine. Google says the cookie helps it
keep its system stable and monitor for attacks.
Source: The Google Cookie That Seems to Come Out of Nowhere
Why does it keep reappearing even after I delete it?
Because you need to disable Safe Browsing
AND because Firefox Cookie Manager can't delete it, even if it appears to (bug #1026538).
Why is it dangerous?
As this cookie contains a unique ID number, it has been used by the NSA to track people under suspicion. Source: NSA uses Google cookies to pinpoint targets for hacking, Washington Post
Also, it means Google can track you better since this unique ID is persistent even after you close Firefox.
Security often means less privacy. You can avoid sending all your browsing history to Google: Use an up-to-date browser and modules, disable uneeded browser modules, don't install apps/modules from untrusted sources and avoid phishing attempts by checking the website domain and HTTPS certificate.
How to really get rid of it?
Disable Safe Browsing:
1.1 Uncheck "Block reported attack sites" under Firefox Preferences > Security tab
1.2. Uncheck "Block reported web forgeries" under Firefox Preferences > Security tab
THEN manually delete the existing cookie with sqlite3 (as long as bug #1026538 is open)
2.1. Find your Firefox cookie database within your Firefox profile folder:
Firefox menu > Help button > Troubleshooting Information > Application Basics section > Profile folder line > Open Directory button > File name is cookies.sqlite
or (Ubuntu) find ~/.mozilla/firefox -name cookies.sqlite
2.2 Install sqlite3: Download or (Linux) sudo apt-get install sqlite3
2.3 From command prompt: sqlite3path-to-cookies.sqlite
2.4 DELETE FROM moz_cookies WHERE baseDomain = "google.com";
Now you can check that the PREF cookie doesn't reappear at Firefox launch in Firefox Cookie Manager. It should not reappear as long as you don't re-enable Safe Browsing and if you have configured Firefox to delete cookies after exit.
Recommeded tools to limit tracking (except PREF cookie...): Cookie AutoDelete
It's used by the NSA and GCHQ to spy on people!
http://rt.com/usa/nsa-advertisers-cookies-track-browsers-034/
Google has updated their policies page to explain what types of cookies they use, specifically the PREF cookie.
But beforehand I will say that I can't explain where and how this cookie pops up in the browser. It seems to be done by firefox itself even if you don't use Google search, Google safebrowsing and block cookies for °.google.com
Google's policies page states that:
Preferences
...
The PREF cookie may store your preferences and other information, in particular your preferred language (e.g. English), how many search results you wish to have shown per page (e.g. 10 or 20), and whether or not you wish to have Google’s SafeSearch filter turned on.
Advertising
... Google uses cookies, like the PREF cookie, to help personalize ads on Google properties, like Google Search, particularly when you aren’t signed in to a Google account. ...
Maybe it's part of the undisclosed contract between Mozilla and Google to set this unblockable zombie cookie. Who knows? :-)
Click Show Cookies - Don't just delete the Google cookie but click 'Remove All Cookies' Remove the check mark from the 'Accept cookies from sites' box
It was possible to disable the google pref cookie in previous firefox-versions but since version 28 it is NOT possible to disable the google pref cookie! Mozilla integrated this cookie because google wants it - and google is paying millions of dollars for mozilla to keep this spying cookie in the firefox-browser enabled. Iam using now the comodo icedragon-browser, its based on firefox 26, you can install addons and themes from mozilla too, and most important you can disable the google-pref cookie: Go to options - privacy - enable custom settings - uncheck accepting cookies and remove the stored cookies if you have any (also add the links in which you login to the exception list). This cookie will never appear again. I hope Comodo dont update this browser to the newer ff-base.
I effectively deleted the google.com pref cookie. Do this:
about:config
safe
delete all values that reference google.com
It works and I've experienced no degradation in performance.
This, er, feature has undergone several rebrandings -- from "safe browsing" to "phishing protection" and now (FF 49) to "block dangerous and deceptive content". No doubt it will soon become "Protect tiny kittens".
Another way in Firefox is to click Exceptions under Options/Privacy/"use custom settings for history"; type in "google.com" and click Block. That way google.com will not be stored on your computer from then on. (If you have a gmail address, you can't access it unless you store google's cookie).