HSTS
HSTS (HTTP Strict Transport Security)
This is enabled on the webserver. It is designed to prevent downgrade attacks such as SSL stripping and Man-in-the-Middle attacks. Even if the user enters HTTP into the URL the connection will either be blocked or if configured on the webserver it will automatically connect using HTTPS.
No comments:
Post a Comment