background preloader

HSTS (HTTP Strict Transport Security)

Facebook Twitter

HTTP Strict Transport Security. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e.

HTTP Strict Transport Security

HTTP layered over TLS/SSL[1]). HSTS is an IETF standards track protocol and is specified in RFC 6797. The HSTS Policy[2] is communicated by the server to the user agent via a HTTP response header field named "Strict-Transport-Security". HTTP Strict Transport Security. Strict-Transport-Security - HTTP. The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) is a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.

Strict-Transport-Security - HTTP

SyntaxEdit Strict-Transport-Security: max-age=<expire-time> Strict-Transport-Security: max-age=<expire-time>; includeSubDomains Strict-Transport-Security: max-age=<expire-time>; preload DirectivesEdit max-age=<expire-time> The time, in seconds, that the browser should remember that this site is only to be accessed using HTTPS.

HTTP Strict Transport Security Cheat Sheet. Last revision (mm/dd/yy): 08/10/2016 Description HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header.

HTTP Strict Transport Security Cheat Sheet

Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. Hyperlink. Definitions & Terminology, Networks.