HSTS
HTTP Strict Transport Security
Definition
HSTS is an HTTP response header that instructs browsers to only communicate with a server over HTTPS for a specified duration. Once a browser has seen an HSTS header, it will automatically upgrade all future requests to that domain to HTTPS and refuse to connect over plain HTTP.
An HSTS policy with a long max-age and the includeSubDomains directive protects against SSL stripping attacks and accidental HTTP connections.