Henning Kerstan

HSTS Enabled

published: Sat, 21 Oct 2017, 19:25 CEST – last updated: Sat, 21 Oct 2017, 19:32 CEST

After I have now thoroughly tested that this site’s TLS configuration works, I enabled the HTTP Strict Transport Security (HSTS) response header.

This HSTS header tells the user agent (i.e. the browser in most cases) to only use a secure connection (HTTPS, i.e. HTTP over TLS) when connecting to this website.