UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 6797

HTTP Strict Transport Security (HSTS)

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 November 2012
Status: active
Page Count: 43
scope:

This specification defines a mechanism enabling web sites to declare themselves accessible only via secure connections and/or for users to be able to direct their user agent(s) to interact with given sites only over secure connections. This overall policy is referred to as HTTP Strict Transport Security (HSTS). The policy is declared by web sites via the Strict-Transport-Security HTTP response header field and/or by other means, such as user agent configuration, for example.

Document History

IETF RFC 6797
November 1, 2012
HTTP Strict Transport Security (HSTS)
This specification defines a mechanism enabling web sites to declare themselves accessible only via secure connections and/or for users to be able to direct their user agent(s) to interact with given...

References

This document references:
RFC 1035 - Domain Names - Implementation and Specification
Published by IETF on November 1, 1987
A description is not available for this item.
This document references:
IETF RFC 2560 - X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
Published by IETF on June 1, 1999
A description is not available for this item.
This document references:
IETF RFC 2616 - Hypertext Transfer Protocol -- HTTP/1.1
Published by IETF on June 1, 1999
A description is not available for this item.
This document is referenced by:
IETF RFC 6920 - Naming Things with Hashes
Published by IETF on April 1, 2013
This document defines a set of ways to identify a thing (a digital object in this case) using the output from a hash function. It specifies a new URI scheme for this purpose, a way to map these to...
This document is referenced by:
ITU-T X.1582 - Transport protocols supporting cybersecurity information exchange
Published by ITU-T on January 1, 2014
This Recommendation provides an overview of transfer and exchange protocols that have been standardized for and/or in current usage within the application space of cybersecurity information transfer...
This document is referenced by:
IETF RFC 7469 - Public Key Pinning Extension for HTTP
Published by IETF on April 1, 2015
This document defines a new HTTP header that allows web host operators to instruct user agents to remember ("pin") the hosts' cryptographic identities over a period of time. During that time, user...
This document is referenced by:
IETF RFC 7711 - PKIX over Secure HTTP (POSH)
Published by IETF on November 1, 2015
Experience has shown that it is difficult to deploy proper PKIX certificates for Transport Layer Security (TLS) in multi-tenanted environments. As a result, domains hosted in such environments often...
This document is referenced by:
Y.3180 - (Pre-Published) Mechanism of traffic awareness for application-descriptor-agnostic traffic based on machine learning
Published by ITU-T on February 1, 2022
This Recommendation specifies mechanism of traffic awareness for application-descriptor-agnostic traffic based on machine learning. The scope of this Recommendation includes: a) Overview of traffic...
View Less
View All
Advertisement