{"draft":"draft-ietf-websec-strict-transport-sec-14","doc_id":"RFC6797","title":"HTTP Strict Transport Security (HSTS)","authors":["J. Hodges","C. Jackson","A. Barth"],"format":["ASCII","HTML"],"page_count":"46","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Web Security","abstract":"This specification defines a mechanism enabling web sites to declare\r\nthemselves accessible only via secure connections and\/or for users to\r\nbe able to direct their user agent(s) to interact with given sites\r\nonly over secure connections.  This overall policy is referred to as\r\nHTTP Strict Transport Security (HSTS).  The policy is declared by web\r\nsites via the Strict-Transport-Security HTTP response header field\r\nand\/or by other means, such as user agent configuration, for example.\r\n[STANDARDS-TRACK]","pub_date":"November 2012","keywords":["[--------]","HTTPS","TLS","SSL","ForceHTTPS","man-in-the-middle","MITM","certificate error","certificate verification","security policy","secure transport","IDNA-Canonicalization"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6797","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc6797"}