What is HSTS?
HTTP Strict Transport Security
HSTS is a web security policy mechanism for transferring data at a high level of security. It protects the information transmitted on the web against eavesdropping, information collection and cookie hijacking.
This mechanism allows a web server to tell browsers (or other user agents) to exchange data with it only over HTTPS, so that connecting over HTTP is no longer possible. In effect, users are required to use HTTPS.
When HSTS is activated, two things happen:
– HTTPS is always used, even if the address is entered as http.
– The user loses the ability to choose to proceed to a site whose SSL certificate is invalid.
The most important vulnerability that HSTS can prevent is the man-in-the-middle attack known as SSL stripping. This attack appeared in 2009 (it applies to TLS as well) and works by converting an HTTPS connection request into an HTTP connection. With this mechanism in place, an attacker sitting between you and the destination site is not able to view the information and data exchanged.
This mechanism is already used by websites such as PayPal, Blogspot and Etsy. It is also supported in the Chromium, Firefox 4 and Opera 12 browsers. IE and the iPad do not yet support it.