What is HSTS - HTTP Strict Transport Security
HSTS stands for HTTP Strict Transport Security. In essence it is actually a mitigation technique for SSL-Stripping attack. In practice one may encounter message when accessing websites (see below details) Various attacks attempt to remove the use of Secure Socket Layer/Transport Layer Security (SSL/TLS) altogether by modifying unencrypted protocols that request the use of TLS, specifically modifying HTTP traffic and HTML pages as they pass on the wire. These attacks are known collectively as " SSL Stripping " (a form of the more generic "downgrade attack") and were first introduced by Moxie Marlinspike [SSL-Stripping]. In the context of Web traffic, these attacks are only effective if the client initially accesses a Web server using HTTP. A commonly used mitigation is HTTP Strict Transport Security (HSTS) [RFC6797]. HSTS is now supported in all leading browsers - Chrome, Firefox, Safari, Edge, IE. One of the several new features in Chrome is the addition o...