Added note about Strict Transport Security (HSTS)

commit ba141e6906a32683a9a4ae7059351fa951b6470b 1 parent cff911f
@davidfischer davidfischer authored
Showing with 8 additions and 0 deletions.
  1. +8 −0 docs/topics/security.txt
8 docs/topics/security.txt
@@ -147,6 +147,14 @@ server, there are some additional steps you may need:
any POST data being accepted over HTTP (which will be fine if you are
redirecting all HTTP traffic to HTTPS).
+* Use HTTP Strict Transport Security (HSTS)
+
+ HSTS is an HTTP header that informs a browser that all future connections
+ to a particular site should always use HTTPS. Combined with redirecting
+ requests over HTTP to HTTPS, this will ensure that connections always enjoy
+ the added security of SSL provided one successful connection has occurred.
+ HSTS is usually configured on the web server.
+
.. _additional-security-topics:
Host headers and virtual hosting
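Review bot: the new "Use HTTP Strict Transport Security (HSTS)" paragraph never names the header or says that the policy is time-limited, so a reader cannot tell what to configure or that the protection lapses. Suggest naming `Strict-Transport-Security` and stating that the browser only remembers the policy for the `max-age` the server sends, for example "informs a browser that, for a given period of time, all future connections to a particular site should always use HTTPS". The "provided one successful connection has occurred" caveat is worth keeping as is. In the same sentence, "the added security of SSL" would read more consistently as "HTTPS", which is the term the rest of the hunk uses. The closing line "HSTS is usually configured on the web server" would also benefit from a pointer to where that is done, since the paragraph otherwise gives no next step.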