🛡️
HSTS
Web Security
HTTP Strict Transport Security header instructing browsers to enforce HTTPS and reject downgrade.
Definition
HSTS is a response header (Strict-Transport-Security) that tells a browser to use only HTTPS for a host for a set duration (max-age), optionally covering its subdomains. Once a browser has seen the header it rewrites plain http:// requests to https:// before sending them and refuses to let the user click through certificate errors, which defeats SSL-stripping downgrade attacks and keeps session cookies off cleartext connections. The header is honoured only when it arrives over a valid HTTPS connection. Misuse can cause lockouts: if HTTPS breaks, or includeSubDomains is set while a subdomain is still HTTP-only, users are shut out until max-age expires or the policy is cleared.
In plain English
Once a site has told your browser "HTTPS only", the browser remembers that for a set time and will not load the site over plain HTTP again, even if someone on the network tries to force it to.
Why this matters
Without HSTS, a user who types a bare domain name starts over plain HTTP, and an attacker on the path (public Wi-Fi, a rogue access point, a compromised router) can keep the connection on HTTP, read or alter the pages, and capture cookies that lack the Secure flag. Strong transport security protects privacy and integrity by closing that window before the first request leaves the browser.
Example
Set Strict-Transport-Security with a max-age long enough to matter (the browser preload list requires at least one year, 31536000 seconds), add includeSubDomains only after confirming every subdomain is served over HTTPS, and consider preload submission so even the very first visit is protected. Roll out with a short max-age first and raise it once HTTPS is known to be stable.
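The following is an added example, not code from the original page: a small Python model of how a conforming browser parses the header (RFC 6797 section 6.1 grammar), how it decides whether a later plain-HTTP request must be upgraded, and a check of the preload-list eligibility rules (max-age of at least one year, includeSubDomains, preload). The host names and header values are constructed for the example; the weak header (max-age=300, no includeSubDomains) is shown beside the corrected one.

```python
"""HSTS header parsing, browser-side policy cache, and preload check.

Added example (not from the original page). Host names and header values
below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import time

ONE_YEAR = 31_536_000  # seconds; minimum max-age accepted by hstspreload.org


@dataclass(frozen=True)
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(header_value: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value per RFC 6797 section 6.1.

    Returns None when a user agent must ignore the header: max-age missing
    or non-numeric, or any directive repeated. Directive names are
    case-insensitive, values may be quoted, unknown directives are ignored.
    """
    seen = set()
    max_age = None
    include_subdomains = preload = False
    for raw in header_value.split(";"):
        token = raw.strip()
        if not token:
            continue  # tolerate a trailing ';' or doubled separators
        name, _, value = token.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name in seen:
            return None  # "All directives MUST appear only once"
        seen.add(name)
        if name == "max-age":
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def preload_problems(policy: Optional[HstsPolicy]) -> List[str]:
    """List why a policy would be rejected for preload-list submission."""
    if policy is None:
        return ["header missing or invalid"]
    problems = []
    if policy.max_age < ONE_YEAR:
        problems.append(f"max-age {policy.max_age} is below one year ({ONE_YEAR})")
    if not policy.include_subdomains:
        problems.append("includeSubDomains directive missing")
    if not policy.preload:
        problems.append("preload directive missing")
    return problems


class KnownHosts:
    """Minimal model of a browser's HSTS cache ("Known HSTS Hosts")."""

    def __init__(self, now=time.time):
        self._now = now  # injectable clock so expiry can be tested
        self._hosts: Dict[str, Tuple[float, bool]] = {}

    def observe(self, host: str, header_value: str, over_tls: bool = True) -> bool:
        """Record a policy from a response. Returns True if it was applied."""
        if not over_tls:
            return False  # RFC 6797: ignore HSTS on non-TLS responses
        policy = parse_hsts(header_value)
        if policy is None:
            return False
        host = host.lower()
        if policy.max_age == 0:
            self._hosts.pop(host, None)  # max-age=0 tells the browser to forget
            return True
        self._hosts[host] = (self._now() + policy.max_age, policy.include_subdomains)
        return True

    def must_use_https(self, host: str) -> bool:
        """True if an http:// request to host must be rewritten to https://."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires_at, include_subdomains = entry
            if expires_at <= self._now():
                continue  # policy expired; browser falls back to plain HTTP
            if i == 0 or include_subdomains:
                return True
        return False


if __name__ == "__main__":
    weak = "max-age=300"
    fixed = "max-age=31536000; includeSubDomains; preload"
    for label, value in (("weak", weak), ("fixed", fixed)):
        print(label, parse_hsts(value), preload_problems(parse_hsts(value)))
```

The `over_tls` flag in `observe` is the rollout caveat in code: a header delivered over plain HTTP is discarded, so the first visit is unprotected until the site is on the preload list. `must_use_https` walks up the label chain, which is why includeSubDomains on `example.com` also forces `api.example.com` to HTTPS and locks users out of any subdomain that cannot serve TLS.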