Moving to HSTS

HTTP Strict Transport Security (HSTS)  is a policy mechanism that allows a web server to enforce the use of TLS in a compliant User Agent (UA), such as a web browser. HSTS allows for a more effective implementation of TLS by ensuring all communication takes place over a secure transport layer on the client side. Most notably HSTS mitigates variants of man in the middle (MiTM) attacks where TLS can be stripped out of communications with a server, leaving a user vulnerable to further risk. HSTS has been a highly anticipated and a much needed solution to the problems of HTTP being the default protocol … Continue reading Moving to HSTS