HTTP Strict Transport Security

Explore how HTTP Strict Transport Security (HSTS) helps enforce secure HTTPS connections by instructing browsers to avoid insecure HTTP versions. Understand its implementation, benefits, limitations, and how submission to preload lists like hstspreload.org can improve security from the first user visit.

Introduction

As we’ve seen, servers can send HTTP headers to give the client additional metadata about the response. Besides sending the content that the client requested, servers can also specify how a particular resource should be read, cached, or secured.

There’s a large spectrum of security-related headers that we should understand, as they have been implemented by browsers in order to make it harder for attackers to take advantage of vulnerabilities. The next paragraphs try to ...