HTTPS only with HTTP Strict Transport Security (HSTS) header

The HTTP Strict Transport Security header (Strict-Transport-Security) allows you to tell the browser to communicate with a site only over HTTPS. Once the browser has successfully connected using HTTPS and seen the header, it will only communicate with the site using HTTPS from that point forward, changing the protocol if needed. By enabling this header you can prevent man-in-the-middle attacks via SSL stripping. Mozilla has a good overview of the header and its benefits.