diff options
| author | David Fischer <djfische@gmail.com> | 2012-09-06 15:13:31 -0400 |
|---|---|---|
| committer | David Fischer <djfische@gmail.com> | 2012-09-06 15:13:31 -0400 |
| commit | ba141e6906a32683a9a4ae7059351fa951b6470b (patch) | |
| tree | 2439bcd58f81b41f07aa69e0fc9e6ce59f28bc57 | |
| parent | cff911f4ba3b3e6393c58da5131ce8b188a68f0c (diff) | |
Added note about Strict Transport Security (HSTS)
| -rw-r--r-- | docs/topics/security.txt | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/topics/security.txt b/docs/topics/security.txt index 151853d4ac..4589d01fd4 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt @@ -147,6 +147,14 @@ server, there are some additional steps you may need: any POST data being accepted over HTTP (which will be fine if you are redirecting all HTTP traffic to HTTPS). +* Use HTTP Strict Transport Security (HSTS) + + HSTS is an HTTP header that informs a browser that all future connections + to a particular site should always use HTTPS. Combined with redirecting + requests over HTTP to HTTPS, this will ensure that connections always enjoy + the added security of SSL provided one successful connection has occurred. + HSTS is usually configured on the web server. + .. _additional-security-topics: Host headers and virtual hosting |
