What is HSTS?

HSTS, or HTTP Strict Transport Security, is a security feature that ensures websites are accessed exclusively through secure HTTPS connections. When a website implements HSTS, it sends a special HTTP header to the browser, instructing it to only use HTTPS for future requests. This helps protect against attacks like SSL stripping, where attackers force a browser to connect over HTTP, compromising the security of sensitive data. HSTS was established in 2012 to prevent such attacks by enforcing the use of HTTPS. However, HSTS is only effective once the browser has received the security header via an HTTPS connection; it cannot protect the initial connection if the site is first accessed via HTTP. To enhance security, websites can also opt to be included in the HSTS preload list, a list maintained by browser vendors that ensures the site is always accessed over HTTPS, even on the first visit.
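
The behaviour described above, modelled as a small browser-side HSTS store (an added example, not code from the original page): the header is honoured only when it arrives over HTTPS, a first visit over HTTP is not upgraded, and a preloaded host is upgraded even on the first visit. The names `parseHsts` and `HstsStore`, the hostnames and the preload entry are assumptions made for this illustration.

```javascript
// Added example: minimal model of a browser's HSTS store (RFC 6797); hosts are constructed.
// Parse a Strict-Transport-Security value; null means the header is unusable.
function parseHsts(headerValue) {
  const policy = { maxAge: null, includeSubDomains: false };
  for (const raw of headerValue.split(';')) {
    const [name, value = ''] = raw.trim().split('=').map((s) => s.trim());
    const key = name.toLowerCase(); // directive names are case-insensitive
    if (key === 'max-age') {
      const digits = value.replace(/^"(.*)"$/, '$1'); // quoted form is allowed
      if (policy.maxAge !== null || !/^\d+$/.test(digits)) return null;
      policy.maxAge = Number(digits);
    } else if (key === 'includesubdomains') {
      policy.includeSubDomains = true;
    } // unknown directives are ignored
  }
  return policy.maxAge === null ? null : policy; // max-age is required
}
class HstsStore {
  constructor(preloaded = []) {
    this.preloaded = new Set(preloaded); // assumption: entries cover subdomains too
    this.dynamic = new Map(); // host -> { expires, includeSubDomains }
  }
  // Record a response header seen at time `now` (seconds). Returns true if accepted.
  noteResponse(url, headerValue, now) {
    const u = new URL(url);
    if (u.protocol !== 'https:') return false; // header over plain HTTP is ignored
    const p = parseHsts(headerValue);
    if (!p) return false;
    if (p.maxAge === 0) this.dynamic.delete(u.hostname); // max-age=0 clears the entry
    else this.dynamic.set(u.hostname, { expires: now + p.maxAge, includeSubDomains: p.includeSubDomains });
    return true;
  }
  isKnown(host, now) {
    const labels = host.split('.');
    for (let i = 0; i < labels.length; i++) {
      const candidate = labels.slice(i).join('.'); // the host, then each parent domain
      if (this.preloaded.has(candidate)) return true;
      const e = this.dynamic.get(candidate);
      if (e && e.expires > now && (i === 0 || e.includeSubDomains)) return true;
    }
    return false;
  }
  // URL the browser would actually request for a typed or linked URL.
  resolve(url, now) {
    const u = new URL(url);
    if (u.protocol === 'http:' && this.isKnown(u.hostname, now)) u.protocol = 'https:';
    return u.href;
  }
}
```
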
Submitted: 12-09-2024