Tue, Dec 05, 2017 10:53 pm

Determining if a site has implemented HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) is a security mechanism used by some websites to ensure that visitors always use HTTP Secure (HTTPS), even if an intermediate system between the visitor's browser and the website attempts a man-in-the-middle (MITM) attack to downgrade the connection to the unencrypted Hypertext Transfer Protocol (HTTP). The HSTS specification was published as Request for Comments (RFC) 6797 on November 19, 2012. You can tell whether a site has implemented HSTS by establishing a telnet connection to port 80, the well-known port for HTTP connections, issuing a HEAD request, and looking for a Strict-Transport-Security header in the response. E.g.:

$ telnet example.com 80
Trying 192.168.141.50...
Connected to example.com
Escape character is '^]'.
HEAD / HTTP/1.1
HOST: example.com

HTTP/1.1 301 Moved Permanently
Date: Wed, 06 Dec 2017 02:56:57 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://example.com/
Connection: close
Content-Type: text/html; charset=iso-8859-1

Connection closed by foreign host.
$
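The same check can be scripted. The Python below is an added example, not code from the original post: it parses the Strict-Transport-Security header out of a raw response like the one above and reports whether a browser would act on it, since RFC 6797 has browsers ignore the header when it arrives over plain HTTP. The function names and the SAMPLE string are constructed for illustration.

```python
import http.client
import re

# Constructed sample: abridged copy of the port-80 response shown in the post.
SAMPLE = ("HTTP/1.1 301 Moved Permanently\r\n"
          "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
          "Location: https://example.com/\r\n\r\n")

def parse_hsts(value):
    """Parse an STS value (RFC 6797 sec. 6.1) into a dict, or None if invalid."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()        # directive names are case-insensitive
        if not name:
            continue                       # tolerate empty segments such as "a;;b"
        if name in directives:
            return None                    # a repeated directive invalidates the header
        directives[name] = val.strip().strip('"')   # values may be quoted strings
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                        # max-age is required and must be numeric
    return directives

def check_hsts(raw_response, over_tls):
    """Summarise the HSTS policy in a raw HTTP response header block."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")[1:]
    values = [line.split(":", 1)[1].strip() for line in head
              if line.lower().startswith("strict-transport-security:")]
    policy = parse_hsts(values[0]) if values else None   # only the first header counts
    if policy is None:
        return {"present": bool(values), "valid": False, "honored": False}
    max_age = int(policy["max-age"])
    return {"present": True, "valid": True, "max_age": max_age,
            "include_subdomains": "includesubdomains" in policy,
            # Browsers ignore the header over plain HTTP; max-age=0 clears the policy.
            "honored": over_tls and max_age > 0}

def fetch_raw(host):
    """HEAD / over HTTPS and rebuild a header block for check_hsts() (needs network)."""
    conn = http.client.HTTPSConnection(host, timeout=10)
    conn.request("HEAD", "/")
    resp = conn.getresponse()
    lines = [f"HTTP/1.1 {resp.status} {resp.reason}"]
    lines += [f"{k}: {v}" for k, v in resp.getheaders()]
    conn.close()
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    print(check_hsts(SAMPLE, over_tls=False))
```

For a live check, call check_hsts(fetch_raw("example.com"), over_tls=True), because the HTTPS response is the one that sets the policy in a browser.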
