HSTS
HSTS (HTTP Strict Transport Security)
This is enabled on the webserver. It is designed to prevent downgrade attacks such as SSL stripping and Man-in-the-Middle attacks. Even if the user enters HTTP into the URL, the connection will either be blocked or automatically connect using HTTPS if configured on the web server.
No comments:
Post a Comment