HTTP Strict Transport Security
HSTS is a response header that instructs browsers to only ever connect to a site over HTTPS for a set period, refusing plain HTTP even if the user types it. It defends against protocol downgrade and cookie-stealing attacks on untrusted networks. It is a standard hardening step at deployment time, and sites can join browser preload lists so the protection applies from the very first visit.