If you’re a sad geek like me you’ve probably already heard of HSTS (HTTP Strict Transport Security). HSTS is designed to solve an issue where you access a web server using HTTP and are automatically redirected to the HTTPS equivalent (usually through a 301 or 302 response and a new Location header). To most this seems like a perfectly acceptable solution, until you start thinking about the man-in-the-middle issues of this kind of redirection. Most users don’t type https://mybank.com after all.
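To make the redirect problem concrete, here is an added example (not code from the original post) that audits a recorded redirect chain and parses the `Strict-Transport-Security` response header that HSTS defines in RFC 6797. The function names, finding strings and the `mybank.example` sample chain are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797; None if invalid."""
    seen = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:  # a repeated directive invalidates the whole header
            return None
        seen[name] = arg.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):  # max-age is required
        return None
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def audit_chain(hops):
    """hops: (url, status, headers) tuples in the order a browser received them."""
    findings, policy = [], None
    for url, status, headers in hops:
        hdrs = {k.lower(): v for k, v in headers.items()}
        sts = hdrs.get("strict-transport-security")
        if urlsplit(url).scheme == "http":
            if status in (301, 302) and hdrs.get("location", "").startswith("https://"):
                findings.append("first request and redirect travel in cleartext")
            if sts is not None:  # browsers ignore HSTS received over plain HTTP
                findings.append("HSTS header on HTTP response is ignored")
        elif sts is not None:
            policy = parse_hsts(sts)
    if policy is None or policy["max_age"] == 0:  # max-age=0 deletes the policy
        findings.append("no usable HSTS policy on the HTTPS response")
    return findings, policy

# Constructed sample: what a browser sees after the user types "mybank.example".
SAMPLE_CHAIN = [
    ("http://mybank.example/", 301, {"Location": "https://mybank.example/",
                                     "Strict-Transport-Security": "max-age=31536000"}),
    ("https://mybank.example/", 200,
     {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
]

if __name__ == "__main__":
    findings, policy = audit_chain(SAMPLE_CHAIN)
    print(policy)
    for f in findings:
        print("-", f)
```

Even with a valid policy on the HTTPS response, the first finding remains on a first visit: the policy only protects later requests, once the browser has stored it.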

