Added note about Strict Transport Security (HSTS)

1 parent cff911f commit ba141e6906a32683a9a4ae7059351fa951b6470b @davidfischer davidfischer committed
Showing with 8 additions and 0 deletions.
  1. +8 −0 docs/topics/security.txt
8 docs/topics/security.txt
@@ -147,6 +147,14 @@ server, there are some additional steps you may need:
any POST data being accepted over HTTP (which will be fine if you are
redirecting all HTTP traffic to HTTPS).
+* Use HTTP Strict Transport Security (HSTS)
+ HSTS is an HTTP header that informs a browser that all future connections
+ to a particular site should always use HTTPS. Combined with redirecting
+ requests over HTTP to HTTPS, this will ensure that connections always enjoy
+ the added security of SSL provided one successful connection has occurred.
+ HSTS is usually configured on the web server.
.. _additional-security-topics:
Host headers and virtual hosting
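
Review bot: The closing sentence of the added bullet ("HSTS is usually configured on the web server.") never names the header or its parameters, so a reader cannot act on it. Suggest naming the Strict-Transport-Security header and its max-age directive (and the optional includeSubDomains), and noting that browsers honor the header only when it arrives over HTTPS and remember the policy for max-age seconds, so a long value commits the domain to HTTPS for that whole period. The clause "provided one successful connection has occurred" would also be clearer if it said outright that the very first visit is not protected by HSTS, which is why the HTTP-to-HTTPS redirect mentioned in the same bullet is still needed.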
