HTTP Strict Transport Security lets a web site inform the browser that it should never load the site using HTTP and should automatically convert all attempts to access the site using HTTP to HTTPS requests instead. It consists in one HTTP header,
Strict-Transport-SecurityIn other words, it tells the browser that changing the protocol from
HTTP to HTTPS in a URL works (and is more secure) and asks the browser
to do it for every request.
HTTP to HTTPS in a URL works (and is more secure) and asks the browser
to do it for every request.
Learn more
Strict-Transport-Security- OWASP Article: HTTP Strict Transport Security
- Wikipedia: HTTP Strict Transport Security
View Previous Terms:
- Block cipher mode of operation
- Certificate authority
- Challenge-response authentication
- Cipher
- Cipher suite
- Ciphertext
- CORS
- CORS-safelisted request header
- CORS-safelisted response header
- Cross-site scripting
- Cryptanalysis
- Cryptographic hash function
- Cryptography
- CSP
- CSRF
- Decryption
- Digital certificate
- DTLS (Datagram Transport Layer Security)
- Encryption
- Forbidden header name
- Forbidden response header name
- Hash
- HMAC
- HPKP
- HTTPS
- Key
- MitM
- OWASP
- Preflight request
- Public-key cryptography
- Reporting directive
- Robots.txt
- Same-origin policy
- Session Hijacking
- SQL Injection
- Symmetric-key cryptography
- TOFU
- Transport Layer Security (TLS)
Credits
- Source: https://developer.mozilla.org/en-US/docs/Glossary/HSTS
- Published under Open CC Attribution ShareAlike 3.0 license