← Cybersecurity Alphabet Soup

HSTS

HTTP Strict Transport Security

appsecmedium

HSTS is a response header that instructs browsers to only ever connect to a site over HTTPS for a set period, refusing plain HTTP even if the user types it. It defends against protocol downgrade and cookie-stealing attacks on untrusted networks. It is a standard hardening step at deployment time, and sites can join browser preload lists so the protection applies from the very first visit.

Sources

More in appsec