What is HSTS?

HSTS, or HTTP Strict Transport Security, is a mechanism that protects website visitors by ensuring browsers always use HTTPS for the connection. The Strict-Transport-Security response header instructs browsers only to use HTTPS to access a website and avoid HTTP for any subsequent connection for the set amount of time, e.g., one year.

HSTS reduces the chance of successful man-in-the-middle attacks by skipping redirections from HTTP to HTTPS. Even if a visitor tries to access a website over HTTP, HSTS instructs the browser to use HTTPS for interaction.