Cryptography & Transport
HSTS
HTTP Strict Transport Security (HSTS, RFC 6797) is a policy mechanism that tells browsers to reach a site only over HTTPS, never plain HTTP. The site sends a Strict-Transport-Security response header; browsers honour it only when it arrives over a valid HTTPS connection, then cache the policy for the number of seconds given in the max-age directive. While the policy is cached, the browser rewrites any http:// request for that host (and, with includeSubDomains, for its subdomains) to https:// before sending it, and treats certificate errors as hard failures rather than click-through warnings. This defeats SSL-stripping attacks, in which a network attacker keeps the victim on plain HTTP while proxying to the real site over HTTPS. The very first visit is still unprotected, because no policy has been cached yet; sites can close that gap by being added to the browsers' preload list, which requires a max-age of at least one year (31536000 seconds) plus the includeSubDomains and preload directives.
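As an added example (not code from the original page), the following Python parses a Strict-Transport-Security header value, checks the three conditions the preload list imposes on the header itself, and models how a browser stores and applies the policy: it ignores the header when received over plain HTTP, upgrades http:// requests for the host and its subdomains until max-age expires, and forgets the host on max-age=0. The host names and header values used are constructed for illustration.

```python
"""Strict-Transport-Security: parse the header, check preload eligibility,
and simulate how a browser caches and applies the policy (RFC 6797)."""
import re
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

ONE_YEAR = 31536000  # minimum max-age accepted by the browsers' preload list


@dataclass
class Policy:
    max_age: int
    include_subdomains: bool
    preload: bool


# One directive: a name, optionally "=" and a token or quoted-string value.
_DIRECTIVE = re.compile(r'\s*([A-Za-z][A-Za-z0-9-]*)\s*(?:=\s*("[^"]*"|[^;\s"]*))?\s*')


def parse_sts(value: str) -> Optional[Policy]:
    """Parse a header value per RFC 6797 section 6.1; return None if it is invalid."""
    seen = set()
    max_age = None
    include_subdomains = preload = False
    for part in value.split(";"):  # assumption: no ';' inside quoted values
        if not part.strip():
            continue
        m = _DIRECTIVE.fullmatch(part)
        if m is None:
            return None
        name, raw = m.group(1).lower(), m.group(2)
        if name in seen:  # a repeated directive invalidates the whole header
            return None
        seen.add(name)
        if name == "max-age":
            digits = (raw or "").strip('"')
            if not digits.isdigit():
                return None
            max_age = int(digits)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        # unknown directives are ignored, as the RFC requires
    if max_age is None:  # max-age is mandatory
        return None
    return Policy(max_age, include_subdomains, preload)


def preload_eligible(policy: Optional[Policy]) -> bool:
    """The three requirements the preload list places on the header itself."""
    return (policy is not None and policy.max_age >= ONE_YEAR
            and policy.include_subdomains and policy.preload)


class HstsCache:
    """Minimal model of a browser's HSTS store: host -> (expiry, include_subdomains)."""

    def __init__(self) -> None:
        self.store: Dict[str, Tuple[float, bool]] = {}

    def observe(self, url: str, header: str, now: Optional[float] = None) -> bool:
        """Record a policy seen on a response. Returns True if it was honoured."""
        now = time.time() if now is None else now
        parts = urlsplit(url)
        if parts.scheme != "https":  # RFC 6797 section 8.1: ignore STS received over HTTP
            return False
        policy = parse_sts(header)
        if policy is None or parts.hostname is None:
            return False
        if policy.max_age == 0:  # max-age=0 tells the browser to forget the host
            self.store.pop(parts.hostname, None)
        else:
            self.store[parts.hostname] = (now + policy.max_age, policy.include_subdomains)
        return True

    def is_known(self, host: str, now: Optional[float] = None) -> bool:
        """Host matches directly, or via an unexpired includeSubDomains parent."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.store.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url: str, now: Optional[float] = None) -> str:
        """Upgrade an http:// URL to https:// if the host is a known HSTS host."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname or not self.is_known(parts.hostname, now):
            return url
        # an explicit :80 becomes the https default (443); other ports are kept
        netloc = parts.hostname if parts.port in (None, 80) else parts.netloc
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

The cache deliberately drops the policy only on an explicit max-age=0 or on expiry; shortening max-age on a later response simply replaces the expiry, which is the safe way to roll HSTS back. Real preload submission also checks the redirect chain and certificate of the site, which this header-level check does not cover.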
Why it matters for your website
- Affects your HTTPS rating and SSL grade on security scanners; SSL Labs, for example, reserves its A+ grade for sites that send a long-lived HSTS header
- Commonly expected by PCI DSS and SOC 2 assessors as evidence of transport-encryption controls, although neither standard names HSTS explicitly
- Once the policy is cached, browsers refuse plain-HTTP connections to the site and treat certificate errors as hard failures that users cannot click through