The HSTS is an opt-in security enhancement whereby web sites signal browsers to always communicate with it over a secure connection. If the user is using a browser that complies with HSTS policy, the browser will automatically switch to a secure version of the site, using ‘https’ without any intervention of the user.
The main purpose of the web security protocol is to prevent HTTP session hijacking where user accounts are at risk of being comprised by a malicious user who is snooping on the session traffic. There are sites that encrypt user credentials before they are transmitted but, if the protocol in use is not HTTPS or secure hypertext transfer protocol, cookie information can be captured by a malicious user and replayed at a later time to gain unauthorized access to users’ accounts.
The HSTS technology can already be seen on services like PayPal. HSTS is also supported in browsers like Chrome, Firefox 4, and Opera 12. Neither Microsoft nor Apple has embraced HSTS for their respective browsers yet.
