Overview
HTTP Strict Transport Security (HSTS), specified in RFC 6797, is a web security policy mechanism that lets a site instruct browsers to communicate with it only over HTTPS. It defends against man-in-the-middle attacks such as SSL-stripping protocol downgrades, in which an attacker on the path serves the user a plaintext copy of the site, and the hijacking of session cookies that would otherwise be sent over unencrypted HTTP.
How it Works
A site enables HSTS by sending the Strict-Transport-Security response header, for example "Strict-Transport-Security: max-age=31536000; includeSubDomains". Browsers honour the header only when it arrives over an HTTPS connection with a valid certificate; over plain HTTP it is ignored, because an attacker on the path could otherwise inject or strip it. Once the header has been seen, the browser records the host (and, with includeSubDomains, every subdomain) as an HSTS host for max-age seconds. For all later requests within that period it rewrites http:// URLs for the host to https:// before anything is sent on the network, and it refuses to let the user click through certificate errors for that host. Sending max-age=0 makes the browser forget the host. The remaining weak point is the first visit: until the browser has seen the header once, the initial plaintext request is unprotected.
The 'Preload' List
To close that first-visit gap, Chromium maintains a preload list of hosts that must only be reached over HTTPS. It is compiled into Chrome and reused by Firefox, Safari and Edge, so the policy applies even before the browser has ever contacted the site. Sites are submitted at hstspreload.org, which requires a valid certificate, a redirect from HTTP to HTTPS on the same host, and an HSTS header carrying a max-age of at least one year (31536000 seconds), includeSubDomains and the preload directive. Because the list ships with browser releases and the policy covers every subdomain, preloading is effectively permanent: any subdomain that still needs plain HTTP will break, and removal from the list takes months to reach users.
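The following is an added example, not code from the page or from any browser, that models the behaviour described in the two sections above: parsing the Strict-Transport-Security header, keeping a store of known HSTS hosts with expiry and subdomain matching, upgrading http:// URLs, seeding the store from a preload list, and applying the header-level checks hstspreload.org publishes for submissions. The HstsStore class, the preloadEligible function and the host names used (example.com, bank.example, shop.example) are assumptions made for illustration; the certificate and redirect requirements of the preload list are not modelled.

```javascript
// Added example (not from the page or any browser): a minimal model of how a
// user agent processes the Strict-Transport-Security header per RFC 6797,
// plus the header-level checks hstspreload.org applies to submissions.

const ONE_YEAR = 31536000; // seconds; the minimum max-age for preload submission

// Parse a Strict-Transport-Security header value into its directives.
// Returns null for a header RFC 6797 tells the browser to ignore: no max-age,
// a non-integer max-age, or any directive appearing more than once.
function parseHsts(headerValue) {
  const seen = new Set();
  const result = { maxAge: null, includeSubDomains: false, preload: false };
  for (const raw of String(headerValue).split(';')) {
    const directive = raw.trim();
    if (!directive) continue;
    const eq = directive.indexOf('=');
    const name = (eq === -1 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? null : directive.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    if (seen.has(name)) return null; // duplicate directive invalidates the header
    seen.add(name);
    if (name === 'max-age') {
      if (value === null || !/^\d+$/.test(value)) return null;
      result.maxAge = Number(value);
    } else if (name === 'includesubdomains') {
      result.includeSubDomains = true;
    } else if (name === 'preload') {
      result.preload = true;
    }
    // Unknown directives are ignored so future extensions do not break parsing.
  }
  return result.maxAge === null ? null : result;
}

// In-memory "known HSTS hosts" store (hypothetical name). `now` returns the
// current time in seconds and is injectable so expiry can be tested.
class HstsStore {
  constructor(now = () => Date.now() / 1000) {
    this.entries = new Map();
    this.now = now;
  }

  // Handle a response from `host`. `secure` must be true only if the response
  // came over TLS with no certificate errors; otherwise the header is ignored
  // (RFC 6797 section 8.1). Returns true if the store changed.
  processResponse(host, secure, headerValue) {
    if (!secure) return false;
    const parsed = parseHsts(headerValue);
    if (!parsed) return false;
    const key = host.toLowerCase();
    if (parsed.maxAge === 0) {
      this.entries.delete(key); // max-age=0 tells the browser to forget the host
      return true;
    }
    this.entries.set(key, {
      expires: this.now() + parsed.maxAge,
      includeSubDomains: parsed.includeSubDomains,
    });
    return true;
  }

  // Seed an entry as if it came from the built-in preload list: no expiry, and
  // (for hstspreload.org entries) always covering subdomains.
  preload(host, includeSubDomains = true) {
    this.entries.set(host.toLowerCase(), { expires: Infinity, includeSubDomains });
  }

  // A host matches if it has its own unexpired entry, or if a parent domain has
  // an unexpired entry flagged includeSubDomains (RFC 6797 section 8.2).
  isKnownHost(host) {
    const labels = host.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const candidate = labels.slice(i).join('.');
      const entry = this.entries.get(candidate);
      if (!entry) continue;
      if (entry.expires <= this.now()) {
        this.entries.delete(candidate); // lazily evict expired entries
        continue;
      }
      if (i === 0 || entry.includeSubDomains) return true;
    }
    return false;
  }

  // Rewrite an http:// URL to https:// when the host is a known HSTS host.
  // URL normalisation drops a default port, so :80 becomes the https default
  // 443, while any other explicit port is preserved (RFC 6797 section 8.3).
  upgrade(url) {
    const u = new URL(url);
    if (u.protocol === 'http:' && this.isKnownHost(u.hostname)) {
      u.protocol = 'https:';
    }
    return u.toString();
  }
}

// Header-level part of the hstspreload.org submission requirements. Returns a
// list of problems; an empty list means the header itself is acceptable.
function preloadEligible(headerValue) {
  const p = parseHsts(headerValue);
  if (!p) return ['header missing or malformed'];
  const problems = [];
  if (p.maxAge < ONE_YEAR) problems.push(`max-age ${p.maxAge} is below ${ONE_YEAR}`);
  if (!p.includeSubDomains) problems.push('includeSubDomains directive missing');
  if (!p.preload) problems.push('preload directive missing');
  return problems;
}
```

Real browsers persist this store to disk and clear it with site data, which is why a max-age measured in seconds rather than days gives an attacker only a brief window on a returning user, and why `processResponse` refuses headers from insecure responses: the whole point is that nothing learned over plaintext HTTP may weaken the policy.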