The IETF (Internet Engineering Task Force), a group that takes part in establishing standards for the Internet, has approved the adoption of HSTS, for “HTTP Strict Transport Security”, to strengthen security on sites offering secure HTTPS pages.
The HTTP protocol is used on the Internet to view web pages with a browser. These letters, found at the beginning of web page addresses (URLs), sometimes take the form HTTPS (https://) to indicate that you are on a secure version of the page. The information transmitted is encrypted and therefore cannot, in theory, be read by anyone other than the visitor and the website. In addition, a certificate issued by a third party certifies the site's authenticity.
HSTS reinforces this security by allowing websites to inform the browser that all pages of the site should be used in their secure HTTPS versions.
Prevent errors and attacks
This prevents, for example, a user from exchanging information unencrypted instead of on the secure version of a site, whether because they typed an address in HTTP (instead of HTTPS) or because a link sent them to the unsecured version.
In addition, some so-called “Man in the Middle” attacks, which consist of standing between a browser and a site in order to redirect to an unsecured version, will be thwarted. Finally, when a site certificate is not valid, the browser will automatically refuse the connection.
HSTS has already been adopted by several websites, such as some areas of Google, or PayPal. The latest versions of Chrome, Firefox and Opera already support the HSTS protocol, but Apple's Safari and Microsoft's Internet Explorer do not.