HTTP Strict Transport Security (HSTS)

HSTS tells browsers to only connect to a site over HTTPS for a specified time, mitigating downgrade attacks.

#web #rfc

Last updated: 2025-09-02T00:00:00.000Z

Evidence

RFC 6797 (normative evidence)
www.rfc-editor.org

More context

Preload lists and correct max-age settings help enforce HTTPS and reduce cookie-hijacking risk.
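
The following is an added example, not part of the original page or of RFC 6797: it parses a Strict-Transport-Security value using the RFC's rules and flags the max-age and preload problems mentioned above. The function names and sample values are constructed for illustration, and the one-year threshold is an assumption taken from the preload-list submission requirements published at hstspreload.org.

```python
import re

# Assumption: one-year minimum taken from the hstspreload.org submission rules.
PRELOAD_MIN_AGE = 31536000

def parse_hsts(value):
    """Parse a header value per RFC 6797; None means browsers ignore it."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        name, _, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form of the value
        if name in directives:
            return None  # a directive may appear only once
        directives[name] = val
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None  # max-age is required and must be a number of seconds
    directives["max-age"] = int(directives["max-age"])
    return directives

def audit_hsts(value):
    """Return a list of findings for one header value (empty list = fine)."""
    policy = parse_hsts(value)
    if policy is None:
        return ["invalid header: ignored by browsers, no HSTS protection"]
    findings = []
    short = policy["max-age"] < PRELOAD_MIN_AGE
    subdomains = "includesubdomains" in policy
    if policy["max-age"] == 0:
        findings.append("max-age=0 tells the browser to drop its HSTS entry")
    elif short:
        findings.append("max-age below one year")
    if not subdomains:
        findings.append("includeSubDomains missing: subdomains not covered")
    if "preload" in policy and (short or not subdomains):
        findings.append("preload set but preload-list requirements not met")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from any real site.
    for sample in ("max-age=63072000; includeSubDomains; preload",
                   "max-age=300; preload", "includeSubDomains",
                   'MAX-AGE="31536000"; includeSubDomains'):
        print(repr(sample), "->", audit_hsts(sample) or "ok")
```

A header without a valid max-age is the case to watch for in reviews: it looks like a policy in the response but gives no protection because the browser discards it.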