HTTP Strict Transport Security (HSTS)

Header to inform the browser to always request a given domain over SSL, reducing MITM attack surface area.


Established standard

Status in Chromium

Enabled by default in:

  • Chrome for desktop release 4
  • Opera release 12
  • Opera for Android release 21

Consensus & Standardization

  • Shipped
  • No public signals
  • Shipped
  • Positive


Last updated on 2015-01-21