HSTS (HTTP Strict Transport Security)
HSTS is a response header (Strict-Transport-Security) that tells browsers to only connect to your domain over HTTPS for a specified duration. It prevents protocol downgrade attacks and cookie hijacking. A launch-ready config: max-age=31536000; includeSubDomains; preload. Cloudflare, Vercel, and Netlify can set this automatically in their dashboards.
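Korean
HSTS is the Strict-Transport-Security header, which instructs browsers to connect only over HTTPS for a specified period. It prevents protocol downgrade attacks and cookie hijacking. Launch-ready config: max-age=31536000; includeSubDomains; preload. It can be set automatically from the Cloudflare/Vercel/Netlify dashboards.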
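Japanese
HSTS is the Strict-Transport-Security header, which forces browsers to use HTTPS connections only for a specified period. It prevents protocol downgrade attacks and cookie hijacking. Launch config: max-age=31536000; includeSubDomains; preload. It can be set automatically from the Cloudflare / Vercel / Netlify dashboards.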