HSTS
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that allows a website to declare that it should only be accessed via HTTPS, and that any attempt to use HTTP should be automatically upgraded or rejected.
A site enables HSTS by sending the Strict-Transport-Security HTTP response header over a secure connection. The
Once a user’s browser has stored the policy, all subsequent requests to the domain over HTTP are
Preloading requires submitting to a browser vendor’s preload program; if accepted, the policy is enforced by
Benefits and caveats: HSTS helps prevent protocol downgrade and cookie hijacking, but it is not a substitute
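The mechanics described above (the header is honoured only when received over HTTPS, the browser then stores a policy, and preloading has stricter requirements than a plain header) can be made concrete with a small checker. The following is an added example, not code from the original page: it parses a Strict-Transport-Security value the way RFC 6797 specifies (directives separated by `;`, case-insensitive names, a required `max-age`, optional `includeSubDomains` and `preload`) and reports whether a browser would enforce it and whether it meets the published preload-list minimums (max-age of at least 31536000 seconds, `includeSubDomains` and `preload` present). The directive names and the one-year threshold come from RFC 6797 and the Chromium preload program, not from the page; the sample header values are constructed.

```python
"""Added example (not part of the original page): evaluate a
Strict-Transport-Security header as a browser and a preload reviewer would.
Sample header values are constructed for illustration."""
from typing import List, Optional

# Preload-list minimum max-age: one year in seconds (hstspreload.org requirement).
PRELOAD_MIN_MAX_AGE = 31_536_000


def parse_hsts(header_value: str) -> dict:
    """Split the header into directives per RFC 6797.
    Returns max_age (int or None), the two boolean flags, and any syntax
    errors that would make a browser discard the whole header."""
    result = {
        "max_age": None,
        "include_subdomains": False,
        "preload": False,
        "syntax_errors": [],
    }
    seen = set()
    for raw in header_value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        value = value.strip().strip('"')     # RFC 6797 permits a quoted-string value
        if name in seen:                     # each directive may appear only once
            result["syntax_errors"].append(f"directive '{name}' repeated")
            continue
        seen.add(name)
        if name == "max-age":
            if value.isdigit():
                result["max_age"] = int(value)
            else:
                result["syntax_errors"].append("max-age must be a non-negative integer")
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
        # Unrecognised directives are ignored, as browsers ignore them.
    if "max-age" not in seen:
        result["syntax_errors"].append("required max-age directive missing")
    return result


def check_policy(header_value: str, received_over_https: bool = True) -> dict:
    """Decide whether a browser would store and enforce the policy, and
    whether the header satisfies the preload submission minimums."""
    parsed = parse_hsts(header_value)
    findings: List[str] = list(parsed["syntax_errors"])
    max_age: Optional[int] = parsed["max_age"]

    if not received_over_https:
        findings.append("header arrived over plain HTTP; browsers ignore it")

    # A policy is stored only over HTTPS, only if well-formed, and only with a positive max-age.
    enforced = (received_over_https and not parsed["syntax_errors"]
                and max_age is not None and max_age > 0)
    if max_age == 0:
        findings.append("max-age=0 clears any stored policy for this host")

    preload_eligible = False
    if enforced:
        if max_age < PRELOAD_MIN_MAX_AGE:
            findings.append(f"max-age {max_age} is below the preload minimum of {PRELOAD_MIN_MAX_AGE}")
        if not parsed["include_subdomains"]:
            findings.append("includeSubDomains missing: subdomains stay reachable over HTTP")
        if not parsed["preload"]:
            findings.append("preload directive missing: the preload program will not accept the submission")
        preload_eligible = (max_age >= PRELOAD_MIN_MAX_AGE
                            and parsed["include_subdomains"] and parsed["preload"])

    return {
        "enforced": enforced,
        "max_age": max_age,
        "include_subdomains": parsed["include_subdomains"],
        "preload_eligible": preload_eligible,
        "findings": findings,
    }


# Constructed sample headers: a weak policy beside a preload-ready one.
WEAK_HEADER = "max-age=300"
HARDENED_HEADER = "max-age=63072000; includeSubDomains; preload"

if __name__ == "__main__":
    for label, value in (("weak", WEAK_HEADER), ("hardened", HARDENED_HEADER)):
        report = check_policy(value)
        print(f"{label}: enforced={report['enforced']} preload_eligible={report['preload_eligible']}")
        for finding in report["findings"]:
            print("  -", finding)
```

Running the script shows the weak header being enforced for only five minutes and rejected for preload on three counts, while the hardened header produces no findings. Passing `received_over_https=False` demonstrates the rule that a policy delivered over plain HTTP is never stored.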