summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Fischer <djfische@gmail.com>2012-09-06 15:13:31 -0400
committerDavid Fischer <djfische@gmail.com>2012-09-06 15:13:31 -0400
commitba141e6906a32683a9a4ae7059351fa951b6470b (patch)
tree2439bcd58f81b41f07aa69e0fc9e6ce59f28bc57
parentcff911f4ba3b3e6393c58da5131ce8b188a68f0c (diff)
Added note about Strict Transport Security (HSTS)
-rw-r--r--docs/topics/security.txt8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/topics/security.txt b/docs/topics/security.txt
index 151853d4ac..4589d01fd4 100644
--- a/docs/topics/security.txt
+++ b/docs/topics/security.txt
@@ -147,6 +147,14 @@ server, there are some additional steps you may need:
any POST data being accepted over HTTP (which will be fine if you are
redirecting all HTTP traffic to HTTPS).
+* Use HTTP Strict Transport Security (HSTS)
+
+ HSTS is an HTTP header that informs a browser that all future connections
+ to a particular site should always use HTTPS. Combined with redirecting
+ requests over HTTP to HTTPS, this will ensure that connections always enjoy
+ the added security of SSL provided one successful connection has occurred.
+ HSTS is usually configured on the web server.
+
.. _additional-security-topics:
Host headers and virtual hosting