NovaBlock

HSTS

Also known as: HTTP Strict Transport Security

A header that tells browsers to only ever load a site over HTTPS, even if the user types http://.

Updated 10 February 2026

HTTP Strict Transport Security is a response header (Strict-Transport-Security) that instructs the browser to remember, for a specified duration, that a domain must be reached over HTTPS. Subsequent visits skip the plain-HTTP round trip entirely.

Major sites also submit themselves to browser 'preload lists' so the rule ships with the browser and applies on the very first visit. HSTS closes a small but real window where an attacker could downgrade a first request to HTTP.
