While testing a customer portal, you observe that login.example.com defaults to HTTPS, yet visitors who click an unencrypted http link are served the page without redirection, allowing your SSL-strip tool to harvest credentials. The developer wants a server-side control that forces modern browsers to refuse any clear-text connection to the domain after the first secure visit. Which header accomplishes this?
The HTTP Strict-Transport-Security (HSTS) response header tells a browser to remember that the site must only be contacted over TLS for a specified max-age (and optionally for all sub-domains). Once cached, the browser will automatically convert any future http requests to https and will reject attempts to downgrade, defeating SSL-strip style attacks. Content-Security-Policy with the upgrade-insecure-requests directive only upgrades sub-resources when the page is already loaded over HTTPS; it does not enforce an initial secure connection. X-Frame-Options prevents click-jacking by controlling framing, and X-Content-Type-Options: nosniff stops MIME sniffing; neither addresses protocol downgrades.
Certified Ethical Hacker (CEH)
Web Application Hacking