/vulndb/Strict Transport Security

This header is used to force browsers to connect to the application through an SSL connection.

If the connections to the web application are not encrypted, an eavesdropper may be able to wiretap them and obtain any confidential information that is sent between the browser and the server.

Solution

The web server should send the Strict Transport Security header along with every response.
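
One way to check that a response carries a usable header, as an added example that is not part of the original entry: it parses the header value following RFC 6797 and reports what is wrong. The function names, the sample header values and the six-month minimum for max-age are assumptions made for illustration.

```python
import re

MIN_MAX_AGE = 15768000  # assumed policy threshold: about six months, in seconds

def parse_hsts(value):
    """Parse an HSTS value into {directive: value or None} per RFC 6797:
    names are case-insensitive, no directive may repeat, max-age is required.
    Raises ValueError when a browser would have to ignore the header."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate empty directives such as a trailing ';'
        name, _, val = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError("duplicate directive " + name)
        directives[name] = val.strip().strip('"') or None
    if not re.fullmatch(r"[0-9]+", directives.get("max-age") or ""):
        raise ValueError("max-age missing or not a number")
    return directives

def audit_response(scheme, headers):
    """Return findings for one response; an empty list means the header is usable."""
    if scheme != "https":
        return ["browsers ignore HSTS on plain HTTP; serve over HTTPS"]
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["header missing"]
    findings = []
    if len(values) > 1:
        findings.append("header repeated; browsers process only the first")
    try:
        max_age = int(parse_hsts(values[0])["max-age"])
    except ValueError as err:
        return findings + ["invalid header: %s" % err]
    if max_age == 0:
        findings.append("max-age=0 tells the browser to drop the policy")
    elif max_age < MIN_MAX_AGE:
        findings.append("max-age shorter than %d seconds" % MIN_MAX_AGE)
    return findings

if __name__ == "__main__":
    # Constructed sample header values (not captured from a real server).
    for value in ("max-age=31536000; includeSubDomains", "includeSubDomains", "max-age=0"):
        hdrs = [("Strict-Transport-Security", value)]
        print(repr(value), "->", audit_response("https", hdrs) or "OK")
```

Run `audit_response` over every response type the application produces (pages, redirects, error pages, static files), since the header has to accompany all of them.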

References

http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security