← Back to release summary

HTTP Strict Transport Security (HSTS)

Category

Security

Type

New or changed feature

Status

Enabled by default (Chrome 4)

Intent stage

None

Summary

Header to inform the browser to always request a given domain over SSL, reducing MITM attack surface area.

Standards & signals

• Specification: http://tools.ietf.org/html/rfc6797
• Firefox: Shipped/Shipping
• Safari: Shipped/Shipping
• Web developers: Positive

View on chromestatus.com