
HSTS - HTTP Strict Transport Security


HSTS is a policy enforced by most current browsers (user agents) that adds a significant layer of security to HTTPS websites. If a specific domain uses HSTS, the implications are as follows:

  1. The browser will only load the domain over HTTPS; non-HTTPS links to it are effectively disabled, because the browser rewrites them to HTTPS before any request is sent.
  2. If public key pinning is enabled, the hash of the domain certificate's public key (the pin) is hardcoded inside every browser that supports HSTS.
  3. If the presented certificate's public key hash does not match that pin, the browser will not allow the user to visit the site in question and will display a man-in-the-middle (MITM) warning.