@@ 9,8 9,10 @@ tags: hsts, security, privacy
HTTP Strict Transport Secrity is a mechanism for sites to signal that
they would only be serving a secure transport (read: TLS) to serve
content from these domains. HSTS is defined in
[RFC6797](https://tools.ietf.org/html/rfc6797). HSTS is really cool
considering how easy is to enable it!
HSTS is easy to enable, and its really cool how much of an impact it
has to improve security.
So how does it work? The secure version of the site sends an extra HTTP header
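Review bot: "Secrity" in the first line of this hunk is a typo for "Security", and the replacement sentence "its really cool how much of an impact it has to improve security" needs "it's" and reads better as "it's remarkable how much of an impact it has on security". The opening description is also muddled: "signal that they would only be serving a secure transport (read: TLS) to serve content from these domains" could be tightened to "instruct browsers to only ever connect to them over a secure transport (read: TLS)", which matches what RFC 6797 actually specifies (the client, not the server, enforces the policy).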
@@ 24,7 26,7 @@ To an HSTS aware client (i.e all mordern browsers) this means
client can now cache this information, and if you ever get the
non-secure version of the site - know that someones tampering with the
But max age is only one of the directive, there are more.
1. `includeSubdomains` directive: Tells your browser that apply the
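Review bot: the sentence "if you ever get the non-secure version of the site - know that someones tampering with the" is cut off before its object and needs "someone's"; please complete it (e.g. "know that someone is tampering with the connection"). Smaller fixes in the same hunk: "mordern" should be "modern", "i.e" needs its trailing period, "only one of the directive" should be "only one of the directives", and the list item should read "Tells your browser to apply the". Note also that RFC 6797 spells the directive `includeSubDomains`; parsing is case-insensitive, but quoting the spec's spelling avoids confusing readers who look it up.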