WebGlossary.info
HTTP Strict Transport Security
- A web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with them using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP protocol used alone. The HSTS policy is communicated by the server to the user agent via an HTTPS response header field named `Strict-Transport-Security`. HSTS policy specifies a period of time during which the user agent should only access the server in a secure fashion. ← Wikipedia