RFC 6797 · RFC · Must Know · Product · 2012

HTTP Strict Transport Security

Transport Security · RFC Editor
WHY YOU NEED THIS

A one-line HTTP header that eliminates a class of downgrade attacks. Every public web app should set HSTS.

What It Defines

Defines the Strict-Transport-Security response header, which instructs browsers to access the site only over HTTPS for a specified duration, preventing SSL stripping attacks.

Canonical (Normative)

Convenient (Practical)

hsts · security · https · headers
Standards Body
RFC Editor

The canonical publication point for finalized RFCs. If a protocol is standardized as an RFC, the RFC Editor text is the normative final reference. Published by the IETF, IRTF, IAB, and independent stream.


Related Specs

RFC 8446 · RFC · Must Know

TLS 1.3

Every HTTPS connection, SMTP/IMAP over TLS, OAuth token exchange, and API call uses TLS. It is the foundational security layer.

Back Office · Product · Transport Security
RFC 9110 · RFC · Must Know

HTTP Semantics

This is the core contract of every web API, browser request, and server response. You can't design or debug HTTP without knowing this.

Product · HTTP