StrictTransportSecurity
Strict-Transport-Security (HSTS) is an HTTP security header that allows a website to declare that it should only be accessed over HTTPS. When a user agent receives this header, it will thereafter attempt to load the site exclusively over secure connections for the period defined by max-age.
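The parsing and enforcement behaviour described above, as an added example that is not part of the original page: a small Python model of how a user agent reads a Strict-Transport-Security value (per RFC 6797, max-age is mandatory, directive names are case-insensitive, and a duplicated directive invalidates the header) and then decides whether a plain http:// request must be upgraded. Header values and hostnames are constructed for the demo.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed HSTS header values for the demo (not taken from any real site).
HEADER_OK = "max-age=31536000; includeSubDomains; preload"
HEADER_QUOTED = 'Max-Age="600"'          # quoted value, mixed-case name
HEADER_BAD = "includeSubDomains"         # missing the mandatory max-age


@dataclass
class HstsPolicy:
    max_age: int               # seconds the policy stays in force
    include_subdomains: bool   # also covers *.host
    preload: bool              # signals consent for browser preload lists


def parse_hsts(value: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value. Returns None when a user
    agent would ignore the header: no max-age, non-numeric max-age, or a
    directive that appears more than once (RFC 6797 section 6.1)."""
    seen = {}
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        name, _, val = raw.partition("=")
        name = name.strip().lower()           # names are case-insensitive
        val = val.strip().strip('"')          # values may be quoted-strings
        if name in seen:
            return None                       # duplicate directive -> ignored
        seen[name] = val
    if "max-age" not in seen or not re.fullmatch(r"\d+", seen["max-age"]):
        return None
    return HstsPolicy(int(seen["max-age"]),
                      "includesubdomains" in seen, "preload" in seen)


def should_upgrade(policy: HstsPolicy, policy_host: str, received_at: int,
                   request_host: str, now: int) -> bool:
    """Emulate the user agent: True when an http:// request for request_host
    must be rewritten to https:// under a policy stored for policy_host at
    time received_at (all times in seconds). A policy is only ever stored
    when the header arrived over HTTPS; max-age=0 means 'forget it'."""
    if policy.max_age == 0 or now - received_at > policy.max_age:
        return False                          # expired or explicitly cleared
    if request_host == policy_host:
        return True
    return policy.include_subdomains and request_host.endswith("." + policy_host)
```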
The header value must include max-age, the number of seconds the policy should be enforced. Optional directives
Deployment involves configuring the server to issue the header on HTTPS responses and redirecting all HTTP
Impact and limitations: HSTS protects against protocol downgrade attacks and cookie hijacking by enforcing HTTPS, but
Browser support and scope: Most major browsers support HSTS, and preload is supported by major engines. HSTS