Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term HTTP Strict Transport Security (HSTS)

Training Camp • Cybersecurity Glossary

What is HTTP Strict Transport Security (HSTS)?

HTTP Strict Transport Security HSTS, per RFC 6797, forces browsers to use HTTPS only, preventing downgrade and SSL-stripping attacks.

Glossary > Application & API Security > HTTP Strict Transport Security (HSTS)

Understanding HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) is a web security policy, defined in RFC 6797, that lets a site instruct browsers to interact with it only over HTTPS for a specified period. It is delivered via the Strict-Transport-Security response header and protects against protocol-downgrade attacks and SSL-stripping man-in-the-middle attempts by ensuring the browser refuses plaintext HTTP connections. Sites can also submit their domain to the HSTS preload list so browsers enforce HTTPS even on the very first visit.

Learn More About HTTP Strict Transport Security (HSTS):

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →