HTTP - Strict Transport Security (HSTS) - mandatory HTTPS

Table of Contents

1 - About

Strict Transport Security (HSTS) is a header that tell the client that the website should always be contacted with HTTPS

3 - Effect

When HSTS is on, if it's not possible to make a https connection (for instance if the certificate is not valid), the user will not be able to navigate the website and will get this message.

4 - Management

4.1 - Set

Example with Apache - HTTP Header (mod_header module) 


Header set Strict-Transport-Security "max-age=63072000; includeSubDomains"

4.2 - Hardcoded in chrome (preload)

To submit domains for hard coded inclusion in Chrome's HTTP Strict Transport Security (HSTS) preload list:

  • Add the preload tag to the value

Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

4.3 - Delete

In chrome 


chrome://net-internals/#hsts
  • then delete

5 - Documentation / Reference


Data (State)
Data (State)
DataBase
Data Processing
Data Quality
Data Structure
Data Type
Data Warehouse
Data Visualization
Data Partition
Data Persistence
Data Concurrency

Data Science
Data Analysis
Statistics
Data Science
Linear Algebra Mathematics
Trigonometry

Modeling
Process
Logical Data Modeling
Relational Modeling
Dimensional Modeling
Automata

Data Type
Number
Time
Text
Collection
Relation (Table)
Cube
Tree
Key/Value
Graph
Spatial
Color
Log

Measure Levels
Order
Nominal
Discrete
Distance
Ratio

Code
Compiler
Lexical Parser
Grammar
Function
Testing
Debugging
Shipping
Data Type
Versioning
Design Pattern

Infrastructure
Operating System
Cryptography
Security
File System
Network
Process (Thread)
Computer
PerfCounter
Infra As Code

Marketing
Advertising
Analytics
Email

Web
Html
Dom
Http
Url
Css
Javascript
Selector
Browser
Web Services
OAuth

Contact
[email protected]
Privacy Policy
Status

Powered by ComboStrap