Glossary term

HSTS

HTTP Strict Transport Security. Tells browsers to only ever load this site over HTTPS, even if the user types `http://`.

When it matters

Always. Combined with preload submission, prevents the entire class of "downgrade attack" against HTTPS.

Last reviewed: April 2026