Glossary

HTTP STRICT TRANSPORT SECURITY / HSTS defined.

An HTTP response header instructing browsers to only connect to the site over HTTPS for a specified duration.


What is HTTP Strict Transport Security (HSTS)?

Without HSTS, an attacker on the network can intercept the first request to a domain and downgrade the connection to HTTP. HSTS, especially with preload, closes that gap by hard-coding the HTTPS requirement into the browser.
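To check whether a site's `Strict-Transport-Security` header actually delivers the protection described above, the following added example (not part of the original page) parses a header value and reports gaps. The function names and sample values are constructed for illustration; the one-year `max-age` minimum and the `includeSubDomains` requirement are the browser preload list's submission criteria, which this page does not spell out.

```python
PRELOAD_MIN_AGE = 31536000  # one year in seconds: minimum max-age for preload submission

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument} (RFC 6797, 6.1)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()            # directive names are case-insensitive
        if name in directives:                 # a repeated directive invalidates the header
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"')
    return directives

def audit_hsts(value):
    """Return a list of findings for one header value; an empty list means preload-ready."""
    if value is None:
        return ["header missing: first request can be downgraded to HTTP"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid header: {exc}"]
    age = d.get("max-age", "")
    if not age.isdecimal():
        return ["max-age missing or not an integer: browsers ignore the header"]
    findings = []
    age = int(age)
    if age == 0:
        findings.append("max-age=0 tells the browser to forget the HSTS policy")
    elif age < PRELOAD_MIN_AGE:
        findings.append(f"max-age {age} is below the {PRELOAD_MIN_AGE}s preload minimum")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing: subdomains are not covered")
    if "preload" not in d:
        findings.append("preload missing: policy only applies after a first HTTPS visit")
    return findings

# Constructed sample header values (None stands for a response with no HSTS header).
SAMPLES = [None, "max-age=300", "max-age=0; includeSubDomains; preload",
           "max-age=63072000; includeSubDomains; preload"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", audit_hsts(sample) or "OK")
```

Feed it the header value from an HTTPS response; browsers ignore `Strict-Transport-Security` received over plain HTTP.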

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.
