HTTP Strict Transport Security (HSTS)
URI: https://gptkb.org/entity/HTTP_Strict_Transport_Security_(HSTS)
GPTKB entity
Statements (49)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | web security policy mechanism |
| gptkbp:abbreviation | gptkb:HSTS |
| gptkbp:appliesTo | web browsers; web servers |
| gptkbp:canBe | gptkb:IIS; gptkb:Nginx; gptkb:Apache_HTTP_Server; gptkb:Tomcat; gptkb:Lighttpd; HTTP response header |
| gptkbp:canBeBypassedBy | removing HSTS policy from browser |
| gptkbp:category | Internet security; Web standards |
| gptkbp:definedIn | gptkb:RFC_6797 |
| gptkbp:effect | forces future requests to use HTTPS; prevents users from bypassing invalid certificate warnings |
| gptkbp:enforcedBy | use of HTTPS |
| gptkbp:headerName | gptkb:Strict-Transport-Security |
| https://www.w3.org/2000/01/rdf-schema#label | HTTP Strict Transport Security (HSTS) |
| gptkbp:introducedIn | 2012 |
| gptkbp:notEffectiveAgainst | first connection over HTTP |
| gptkbp:parameter | preload; includeSubDomains; max-age |
| gptkbp:preloadListMaintainedBy | gptkb:Google |
| gptkbp:preloadListUsedBy | major browsers |
| gptkbp:prevention | man-in-the-middle attacks; SSL stripping attacks |
| gptkbp:purpose | protect websites against cookie hijacking; protect websites against protocol downgrade attacks |
| gptkbp:recommendation | gptkb:OWASP; gptkb:Mozilla_Observatory; gptkb:CIS_Benchmarks |
| gptkbp:relatedTo | gptkb:SSL/TLS; gptkb:Content_Security_Policy_(CSP); HTTPS; HTTP Public Key Pinning (HPKP) |
| gptkbp:requires | initial HTTPS connection |
| gptkbp:securityRiskIf | misconfigured max-age; not preloaded; not set for all subdomains |
| gptkbp:supportedBy | gptkb:Google_Chrome; gptkb:Mozilla_Firefox; gptkb:opera; gptkb:Microsoft_Edge; gptkb:Safari |
| gptkbp:usedBy | many major websites |
| gptkbp:bfsParent | gptkb:RFC_6797 |
| gptkbp:bfsLayer | 7 |