HTTP Strict Transport Security (HSTS)
HSTS is a response header that tells a browser to use only HTTPS for a domain once it has seen the header over a valid HTTPS connection, which helps prevent SSL stripping and protocol downgrade attacks.
- Set the Strict-Transport-Security header
- Use a long max-age carefully
- Consider preload only when ready
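As an added example (not part of the original note), a small Python checker that parses a Strict-Transport-Security value and flags the points above: a missing or zero max-age, a short max-age, a missing includeSubDomains, and preload declared before the policy meets the preload list's requirements. The one-year threshold (31536000 seconds) is assumed here as both the preload list's minimum and the commonly recommended max-age.

```python
"""Check a Strict-Transport-Security header value (added example)."""

ONE_YEAR = 31536000  # seconds; assumed threshold for a "long" max-age and for preload


def parse_hsts(value):
    """Split 'max-age=31536000; includeSubDomains; preload' into a dict of
    lowercase directive names -> values (None for directives without '=')."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, has_eq, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if has_eq else None
    return directives


def check_hsts(value):
    """Return a list of findings; an empty list means the policy looks sound."""
    d = parse_hsts(value)
    max_age = d.get("max-age")
    if max_age is None or not max_age.isdigit():
        # RFC 6797: max-age is mandatory; a browser ignores the header without it.
        return ["max-age missing or not a number: browsers ignore the header"]
    max_age = int(max_age)
    findings = []
    if max_age == 0:
        # max-age=0 tells the browser to forget the policy, re-opening plain HTTP.
        findings.append("max-age=0 removes the policy: plain HTTP is allowed again")
    elif max_age < ONE_YEAR:
        # A short lifetime means the downgrade window reopens as soon as it expires.
        findings.append(f"max-age {max_age}s is short: policy expires quickly")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains absent: subdomains remain strippable")
    if "preload" in d and (max_age < ONE_YEAR or "includesubdomains" not in d):
        findings.append("preload set but max-age >= 1 year + includeSubDomains not met")
    return findings


# Constructed sample header values, not captured from any real site.
SAMPLES = {
    "sound": "max-age=31536000; includeSubDomains; preload",
    "short": "max-age=300",
    "removal": "max-age=0; includeSubDomains",
    "premature_preload": "max-age=86400; preload",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, "->", check_hsts(header) or "OK")
```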