Wikipedia summarizes HTTP Strict Transport Security as follows:
HTTP Strict Transport Security (HSTS) is a web security policy mechanism which is necessary to protect secure HTTPS websites against downgrade attacks, and which greatly simplifies protection against cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797.
The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named “Strict-Transport-Security”. HSTS Policy specifies a period of time during which the user agent shall access the server in a secure-only fashion.
I mention that because Troy Hunt has posted: Understanding HTTP Strict Transport Security (HSTS) and preloading it into the browser.
It is a very deep and wonderful walk through the HTTP Strict Transport Security (HSTS) protocol.
Something for you night owls who are looking for something “technical” for the evening.
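The mechanism the Wikipedia summary above describes, as an added illustration (not code from Troy Hunt's post, from Wikipedia, or from any browser): a user agent parses the Strict-Transport-Security header, remembers the host for max-age seconds, and rewrites later http:// requests to https:// while that window is open. The names parse_hsts and HstsStore and the sample header value are assumptions constructed here.

```python
import re
# Constructed sample header value (not taken from the post), as a server might send it.
SAMPLE_HEADER = "max-age=31536000; includeSubDomains"

def parse_hsts(header):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains);
    None if max-age is missing or malformed, which RFC 6797 says the UA must ignore."""
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age":
            if not re.fullmatch(r"\d+", value):
                return None
            max_age = int(value)
        elif name == "includesubdomains":  # directive names are case-insensitive
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

class HstsStore:
    """The user agent's known-HSTS-hosts cache: host -> (expiry, includeSubDomains)."""
    def __init__(self):
        self.hosts = {}

    def observe(self, host, header, now):
        """Record a policy from an HTTPS response (the header must be ignored when it
        arrives over plain HTTP, so callers pass only HTTPS responses); max-age=0 revokes."""
        parsed = parse_hsts(header)
        if parsed is None:
            return
        max_age, include_sub = parsed
        if max_age == 0:
            self.hosts.pop(host.lower(), None)
        else:
            self.hosts[host.lower()] = (now + max_age, include_sub)

    def upgrade(self, url, now):
        """Rewrite an http:// URL to https:// while an unexpired policy covers its host
        (directly, or via a parent domain that set includeSubDomains); else unchanged."""
        m = re.match(r"http://([^/:]+)(.*)", url)
        if not m:
            return url
        host, rest = m.group(1).lower(), m.group(2)
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry is None or entry[0] <= now:
                continue  # no policy for this name, or its max-age window has lapsed
            if i == 0 or entry[1]:
                return "https://" + host + rest
        return url
```

The expiry check is what makes the "period of time" in the summary concrete: once max-age has elapsed without the header being seen again, the user agent falls back to honouring http:// as written.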