@@ 9,8 9,10 @@ tags: hsts, security, privacy
HTTP Strict Transport Secrity is a mechanism for sites to signal that
they would only be serving a secure transport (read: TLS) to serve
content from these domains. HSTS is defined in
-[RFC6797](https://tools.ietf.org/html/rfc6797). HSTS is really cool
-considering how easy is to enable it!
+[RFC6797](https://tools.ietf.org/html/rfc6797).
+
+HSTS is easy to enable, and its really cool how much of an impact it
+has to improve security.
So how does it work? The secure version of the site sends an extra HTTP header
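Review bot: The added line `+HSTS is easy to enable, and its really cool how much of an impact it` needs `it's` (contraction of "it is"), and `has to improve security` on the following line reads awkwardly; `has on security` or, more concretely, a sentence saying what the impact is (the browser refusing to load the site over plain HTTP) would make the point this new paragraph is meant to replace from the removed `HSTS is really cool / considering how easy is to enable it!` lines. While this paragraph is being touched, the unchanged context line `HTTP Strict Transport Secrity is a mechanism for sites to signal that` carries a `Security` typo, and `they would only be serving a secure transport (read: TLS) to serve` repeats "serving/serve"; both could be fixed in the same change.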
@@ 24,7 26,7 @@ To an HSTS aware client (i.e all mordern browsers) this means
client can now cache this information, and if you ever get the
non-secure version of the site - know that someones tampering with the
-site.
+connection.
But max age is only one of the directive, there are more.
1. `includeSubdomains` directive: Tells your browser that apply the
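Review bot: Swapping `site.` for `connection.` is the right correction, but the sentence it completes still says `if you ever get the non-secure version of the site - know that someones tampering with the connection`, which is both a typo (`someone's`) and a slightly misleading description: an HSTS-aware client does not fetch the non-secure version at all, it rewrites the `http://` request to `https://` before sending it and treats a certificate error as a hard failure, so the user never "gets" the plain-HTTP page. Rewording to something like "the browser will refuse to fetch it over plain HTTP, since a downgrade means someone is tampering with the connection" would match the cached-policy behaviour the preceding lines describe. Two nearby context lines also have typos worth fixing in this hunk: `i.e all mordern browsers` should be `i.e. all modern browsers`, and `only one of the directive` should be `only one of the directives`.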