HSTS will be implemented in Firefox and Google Chrome

    In the near future, the HTTP Strict Transport Security (HSTS) standard will be supported by Firefox and Google Chrome.

    This specification gives a server a way to make sure that clients communicate with it only over a secure protocol.

    Today, without support for this standard, a browser connecting to a server establishes a plain HTTP connection by default and only then switches to HTTPS, if possible. This mechanism leaves room for a man-in-the-middle attack, and HSTS is designed to close that gap. With HSTS support, site creators can have the server send the following HTTP response header:

    Strict-Transport-Security: max-age=15768000

    The max-age parameter sets how long, in seconds, the browser is forced to use HTTPS for the site.

    After that, the browser forcibly redirects all HTTP requests to the site to HTTPS.
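
    A toy model of what a supporting browser does with this header, as an added example (not code from Firefox, Chrome or the original article); parseHsts, HstsStore and example.com are hypothetical names. It also shows two limits: the very first plain-HTTP request is not protected, and a header received over HTTP is ignored.

```javascript
// Added example: toy model of a browser's HSTS store (not real browser code).
// parseHsts, HstsStore and example.com are hypothetical names.

// Parse a Strict-Transport-Security value; returns max-age in seconds,
// or null when max-age is missing, repeated or not a number.
function parseHsts(value) {
  let maxAge = null;
  for (const part of value.split(";")) {
    const [rawName, rawVal = ""] = part.split("=");
    const name = rawName.trim().toLowerCase();
    const val = rawVal.trim().replace(/^"|"$/g, "");
    if (name !== "max-age") continue;          // other directives ignored here
    if (maxAge !== null || !/^\d+$/.test(val)) return null;
    maxAge = Number(val);
  }
  return maxAge;
}

class HstsStore {
  constructor() { this.expiry = new Map(); }   // hostname -> expiry time (s)

  // Record the policy from a response received at time nowSec (seconds).
  noteResponse(url, headerValue, nowSec) {
    const u = new URL(url);
    // A header seen over plain HTTP is ignored: a man-in-the-middle
    // could have injected or altered it.
    if (u.protocol !== "https:" || headerValue == null) return;
    const maxAge = parseHsts(headerValue);
    if (maxAge === null) return;
    if (maxAge === 0) this.expiry.delete(u.hostname);   // max-age=0 clears
    else this.expiry.set(u.hostname, nowSec + maxAge);
  }

  // Rewrite http:// to https:// before any request is sent,
  // as long as the stored policy for the host has not expired.
  upgrade(url, nowSec) {
    const u = new URL(url);
    const expires = this.expiry.get(u.hostname);
    if (u.protocol === "http:" && expires !== undefined && nowSec < expires) {
      u.protocol = "https:";
    }
    return u.href;
  }
}
```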

    Firefox developers have announced that HSTS support will be implemented in the next version.
