HSTS
Also known as: http strict transport security
A header that tells browsers to only ever load a site over HTTPS, even if the user types http://.
HTTP Strict Transport Security is a response header (Strict-Transport-Security) that instructs the browser to remember, for a specified duration, that a domain must be reached over HTTPS. Subsequent visits skip the plain-HTTP round trip entirely.
Major sites also submit themselves to browser 'preload lists' so the rule ships with the browser and applies on the very first visit. HSTS closes a small but real window where an attacker could downgrade a first request to HTTP.
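The remembering behaviour described above, as an added example (not code from this glossary or from any browser): a toy HSTS store that records the header, upgrades later http:// URLs until the entry expires, and shows how a preloaded host is covered on the first visit. The class and function names and the example.test hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Return (max_age, include_subdomains), or None if the header is invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:                     # a repeated directive invalidates the header
            return None
        seen[name] = arg.strip().strip('"')
    raw = seen.get("max-age", "")
    if not (raw.isascii() and raw.isdigit()):  # max-age is required
        return None
    return int(raw), "includesubdomains" in seen

class HstsStore:
    """Toy model of a browser's list of known HSTS hosts."""
    def __init__(self, preloaded=()):
        self.preloaded = set(preloaded)      # rules that ship with the browser
        self.entries = {}                    # host -> (expiry, include_subdomains)

    def note_response(self, url, header, now):
        u, policy = urlsplit(url), parse_hsts(header)
        if u.scheme != "https" or policy is None:
            return                           # the header is ignored over plain HTTP
        max_age, subs = policy
        if max_age == 0:
            self.entries.pop(u.hostname, None)   # max-age=0 deletes the entry
        else:
            self.entries[u.hostname] = (now + max_age, subs)

    def is_hsts(self, host, now):
        labels = host.split(".")
        for i in range(len(labels)):         # the host itself, then each parent domain
            cand = ".".join(labels[i:])
            if cand in self.preloaded:       # simplification: preload covers subdomains
                return True
            expiry, subs = self.entries.get(cand, (0, False))
            if expiry > now and (i == 0 or subs):
                return True
        return False

    def rewrite(self, url, now):
        u = urlsplit(url)
        if u.scheme == "http" and self.is_hsts(u.hostname, now):
            return u._replace(scheme="https").geturl()   # no plain-HTTP round trip
        return url
```

Times are passed in as plain numbers of seconds so the expiry behaviour can be checked without waiting.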
Related terms
The encrypted version of HTTP, the protocol your browser uses to talk to websites.
A browser setting that upgrades all requests to HTTPS and warns when only HTTP is available.
An attacker positioned between you and the site you're talking to, reading or altering traffic.
