HTTP Strict Transport Security specification

E242258

The HTTP Strict Transport Security specification is a web security standard that allows servers to enforce secure (HTTPS) connections by instructing browsers to refuse insecure HTTP access to a site.

All labels observed (4)

How this entity was disambiguated

Statements (43)

Predicate Object
instanceOf HTTP header specification
IETF standard
web security standard
abbreviation HTTP Strict Transport Security specification self-linksurface differs
surface form: HSTS
appliesTo user agents supporting HSTS
web browsers
appliesWhen host is present in an HSTS preload list
user agent has seen a valid HSTS header for the host
category transport layer security mechanism
web application security control
configurationLocation server HTTP response headers
definedByHeader HTTP Strict Transport Security specification self-linksurface differs
surface form: Strict-Transport-Security
documentationURL https://datatracker.ietf.org/doc/html/rfc6797
effect forces HTTP requests to be rewritten to HTTPS by the browser
prevents users from bypassing certificate errors easily
reduces risk of man-in-the-middle attacks on first and subsequent connections
firstPublicationYear 2012
fullName HTTP Strict Transport Security specification self-linksurface differs
surface form: HTTP Strict Transport Security
influencedBy earlier browser-specific HSTS implementations
keyDirective includeSubDomains
max-age
preload
mechanism instructs browsers to refuse insecure HTTP access
uses HTTP response header to signal policy to user agents
policyType client-enforced security policy
primaryPurpose enforce secure HTTPS connections
mitigate cookie hijacking over HTTP
mitigate protocol downgrade attacks
prevent use of insecure HTTP connections
publishedBy Internet Engineering Task Force
relatedTo HTTPS
TLS certificate validation
TLS
surface form: Transport Layer Security
requires support from user agent
valid HTTPS configuration on the server
scope entire host
optionally subdomains
securityProperty helps ensure confidentiality and integrity of HTTP traffic
protects against SSL stripping attacks
standardizedIn RFC 6797
status Proposed Standard
usedBy major web browsers
usedFor hardening website transport security

How these facts were elicited

Referenced by (5)

Full triples — surface form annotated when it differs from this entity's canonical label.

HTTP Working Group responsibleFor HTTP Strict Transport Security specification
HTTPS Everywhere relatedTo HTTP Strict Transport Security specification
this entity surface form: HTTP Strict Transport Security
HTTP Strict Transport Security specification fullName HTTP Strict Transport Security specification self-linksurface differs
this entity surface form: HTTP Strict Transport Security
HTTP Strict Transport Security specification abbreviation HTTP Strict Transport Security specification self-linksurface differs
this entity surface form: HSTS
HTTP Strict Transport Security specification definedByHeader HTTP Strict Transport Security specification self-linksurface differs
this entity surface form: Strict-Transport-Security