HTTP Strict Transport Security specification
E242258
The HTTP Strict Transport Security specification is a web security standard that allows servers to enforce secure (HTTPS) connections by instructing browsers to refuse insecure HTTP access to a site.
All labels observed (4)
| Label | Occurrences |
|---|---|
| HTTP Strict Transport Security | 2 |
| HSTS | 1 |
| HTTP Strict Transport Security specification canonical | 1 |
| Strict-Transport-Security | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T2187943 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: HTTP Strict Transport Security specification Context triple: [HTTP Working Group, responsibleFor, HTTP Strict Transport Security specification]
-
A.
RFC 7465 (prohibition in TLS)
RFC 7465 is an Internet standards document that formally prohibits the use of the RC4 stream cipher in Transport Layer Security (TLS) due to its significant cryptographic weaknesses.
-
B.
RFC 6176 (prohibition of SSL 2.0)
RFC 6176 is an Internet Engineering Task Force (IETF) standard that formally deprecates and forbids the use of the insecure SSL 2.0 protocol in favor of more secure TLS versions.
-
C.
SSL
SSL (Secure Sockets Layer) is a cryptographic protocol designed to provide secure, encrypted communication over a computer network, commonly used to protect data transmitted between clients and servers.
-
D.
RFC 8446
RFC 8446 is the Internet standard that specifies TLS 1.3, a major revision of the Transport Layer Security protocol focused on improved security and performance for encrypted communications.
-
E.
HTTPS Everywhere
HTTPS Everywhere is a browser extension that automatically enforces secure, encrypted HTTPS connections to websites to protect users’ privacy and security online.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: HTTP Strict Transport Security specification Target entity description: The HTTP Strict Transport Security specification is a web security standard that allows servers to enforce secure (HTTPS) connections by instructing browsers to refuse insecure HTTP access to a site.
-
A.
RFC 7465 (prohibition in TLS)
RFC 7465 is an Internet standards document that formally prohibits the use of the RC4 stream cipher in Transport Layer Security (TLS) due to its significant cryptographic weaknesses.
-
B.
RFC 6176 (prohibition of SSL 2.0)
RFC 6176 is an Internet Engineering Task Force (IETF) standard that formally deprecates and forbids the use of the insecure SSL 2.0 protocol in favor of more secure TLS versions.
-
C.
SSL
SSL (Secure Sockets Layer) is a cryptographic protocol designed to provide secure, encrypted communication over a computer network, commonly used to protect data transmitted between clients and servers.
-
D.
RFC 8446
RFC 8446 is the Internet standard that specifies TLS 1.3, a major revision of the Transport Layer Security protocol focused on improved security and performance for encrypted communications.
-
E.
HTTPS Everywhere
HTTPS Everywhere is a browser extension that automatically enforces secure, encrypted HTTPS connections to websites to protect users’ privacy and security online.
- F. None of above. chosen
Statements (43)
| Predicate | Object |
|---|---|
| instanceOf |
HTTP header specification
ⓘ
IETF standard ⓘ web security standard ⓘ |
| abbreviation |
HTTP Strict Transport Security specification
self-linksurface differs
ⓘ
surface form:
HSTS
|
| appliesTo |
user agents supporting HSTS
ⓘ
web browsers ⓘ |
| appliesWhen |
host is present in an HSTS preload list
ⓘ
user agent has seen a valid HSTS header for the host ⓘ |
| category |
transport layer security mechanism
ⓘ
web application security control ⓘ |
| configurationLocation | server HTTP response headers ⓘ |
| definedByHeader |
HTTP Strict Transport Security specification
self-linksurface differs
ⓘ
surface form:
Strict-Transport-Security
|
| documentationURL | https://datatracker.ietf.org/doc/html/rfc6797 ⓘ |
| effect |
forces HTTP requests to be rewritten to HTTPS by the browser
ⓘ
prevents users from bypassing certificate errors easily ⓘ reduces risk of man-in-the-middle attacks on first and subsequent connections ⓘ |
| firstPublicationYear | 2012 ⓘ |
| fullName |
HTTP Strict Transport Security specification
self-linksurface differs
ⓘ
surface form:
HTTP Strict Transport Security
|
| influencedBy | earlier browser-specific HSTS implementations ⓘ |
| keyDirective |
includeSubDomains
ⓘ
max-age ⓘ preload ⓘ |
| mechanism |
instructs browsers to refuse insecure HTTP access
ⓘ
uses HTTP response header to signal policy to user agents ⓘ |
| policyType | client-enforced security policy ⓘ |
| primaryPurpose |
enforce secure HTTPS connections
ⓘ
mitigate cookie hijacking over HTTP ⓘ mitigate protocol downgrade attacks ⓘ prevent use of insecure HTTP connections ⓘ |
| publishedBy | Internet Engineering Task Force ⓘ |
| relatedTo |
HTTPS
ⓘ
TLS certificate validation ⓘ TLS ⓘ
surface form:
Transport Layer Security
|
| requires |
support from user agent
ⓘ
valid HTTPS configuration on the server ⓘ |
| scope |
entire host
ⓘ
optionally subdomains ⓘ |
| securityProperty |
helps ensure confidentiality and integrity of HTTP traffic
ⓘ
protects against SSL stripping attacks ⓘ |
| standardizedIn | RFC 6797 ⓘ |
| status | Proposed Standard ⓘ |
| usedBy | major web browsers ⓘ |
| usedFor | hardening website transport security ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: HTTP Strict Transport Security specification Description of subject: The HTTP Strict Transport Security specification is a web security standard that allows servers to enforce secure (HTTPS) connections by instructing browsers to refuse insecure HTTP access to a site.
Referenced by (5)
Full triples — surface form annotated when it differs from this entity's canonical label.