HSTS (HTTP Strict Transport Security)

A security policy mechanism that forces browsers to only connect to a website over HTTPS. The server sends a Strict-Transport-Security response header with a max-age directive. Once a browser receives this header, it automatically upgrades all HTTP requests to HTTPS for the specified duration. The includeSubDomains directive extends protection to all subdomains, and preload allows inclusion in browser built-in HSTS lists.