HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL[1]). HSTS is an IETF standards track protocol and is specified in RFC 6797. The HSTS Policy[2] is communicated by the server to the user agent via a HTTP
![HTTP Strict Transport Security](https://cdn-ak-scissors.b.st-hatena.com/image/square/d8c2c33cb2b8534afdc93585efb2e7eac276bf9d/height=288;version=1;width=512/https%3A%2F%2Ffiles.speakerdeck.com%2Fpresentations%2F3218d3b0f7b00131b8f252934158b6c8%2Fslide_0.jpg%3F3331763)