Overview#Strict-Transport-Security is the HTTP response HTTP Header Field from the Server to the User-agent for HTTP Strict Transport Security Policy. (RFC 6797)
Strict-Transport-Security: max-age=<expire-time> Strict-Transport-Security: max-age=<expire-time>; includeSubDomains Strict-Transport-Security: max-age=<expire-time>; preload
- max-age=<expire-time> - The time, in seconds, that the browser should remember that a site is only to be accessed using HTTPS.
- includeSubDomains - OPTIONAL - If this optional parameter is specified, this rule applies to all of the site's subdomains as well.
- preload - OPTIONAL - See Preloading Strict Transport Security for details. Not part of the specification.
The preload directive is browser dependent