|
gptkbp:instance_of
|
gptkb:Request_for_Comments
|
|
gptkbp:bfsLayer
|
5
|
|
gptkbp:bfsParent
|
gptkb:Strict-Transport-Security
gptkb:HTTP_Strict_Transport_Security
|
|
gptkbp:abstract
|
This document describes HTTP Strict Transport Security (HSTS), a mechanism that helps to protect websites against man-in-the-middle attacks.
|
|
gptkbp:author
|
gptkb:municipality
|
|
gptkbp:challenges
|
User experience issues
Misconfiguration risks
|
|
gptkbp:communication
|
gptkb:RFC_7540
gptkb:RFC_7541
gptkb:RFC_9110
gptkb:HTTP
gptkb:RFC_7469
gptkb:RFC_6819
|
|
gptkbp:economic_impact
|
Encourages HTTPS adoption
Positive impact on search rankings
|
|
gptkbp:enacted_by
|
preload
max-age
include Sub Domains
|
|
gptkbp:field
|
gptkb:Strict-Transport-Security
|
|
gptkbp:future_plans
|
Enhancements to HSTS
Integration with other security protocols
|
|
gptkbp:has_expansion
|
HSTS Preload List
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
RFC 6797
|
|
gptkbp:impact
|
Improves user privacy
Reduces risk of session hijacking
|
|
gptkbp:is_adopted_by
|
Supported by major web servers
Widely adopted by major browsers
|
|
gptkbp:is_implemented_in
|
Web browsers
Web servers
|
|
gptkbp:key
|
Enforces secure connections
Prevents downgrade attacks
|
|
gptkbp:published_year
|
November 2012
|
|
gptkbp:recommendation
|
Use HSTS for sensitive sites
|
|
gptkbp:regulatory_compliance
|
gptkb:RFC_7230
gptkb:RFC_7232
gptkb:RFC_7235
|
|
gptkbp:related_concept
|
gptkb:HTTPS
TLS
|
|
gptkbp:related_to
|
gptkb:RFC_2818
gptkb:RFC_7231
|
|
gptkbp:requires
|
gptkb:HTTPS
|
|
gptkbp:security_features
|
Enhances security by enforcing HTTPS
|
|
gptkbp:specifies
|
Defines HSTS header
|
|
gptkbp:status
|
Proposed Standard
|
|
gptkbp:technique
|
gptkb:Safari
gptkb:Google_Chrome
gptkb:opera
gptkb:website
gptkb:Microsoft_Edge
|
|
gptkbp:title
|
HTTP Strict Transport Security (HSTS)
|
|
gptkbp:use_case
|
Email services
E-commerce websites
Social media platforms
Government websites
Banking websites
|