Martin Georgiev, Application Security Tech Lead
- Sep 11, 2017
What is HTTP Strict Transport Security? HTTP Strict Transport Security, commonly referred to as HSTS, is a Web standard that aims to ensure all web resources off a domain are fetched over a secure transport layer. The core objective of HSTS is to protect users against passive and active network attacks. To this end, it prevents protocol downgrade attacks and blocks insecure click throughs. From a configuration perspective, HSTS is an easy to deploy HTTP header. Its format is: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Unfortunately, many companies who have tried to deploy HSTS have experienced various challenges, some of which resulted...