Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
HTTP Strict Transport Security HSTS, per RFC 6797, forces browsers to use HTTPS only, preventing downgrade and SSL-stripping attacks.
HTTP Strict Transport Security (HSTS) Definition: HTTP Strict Transport Security HSTS, per RFC 6797, forces browsers to use HTTPS only, preventing downgrade and SSL-stripping attacks.
HTTP Strict Transport Security (HSTS) is a web security policy, defined in RFC 6797, that lets a site instruct browsers to interact with it only over HTTPS for a specified period. It is delivered via the Strict-Transport-Security response header and protects against protocol-downgrade attacks and SSL-stripping man-in-the-middle attempts by ensuring the browser refuses plaintext HTTP connections. Sites can also submit their domain to the HSTS preload list so browsers enforce HTTPS even on the very first visit.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →