Class Rack::Protection::StrictTransport
In: lib/rack/protection/strict_transport.rb
Parent: Base
Prevented attack:Protects against against protocol downgrade attacks and cookie hijacking.
Supported browsers:all
More infos:en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers.

Options:

max_age:How long future requests to the domain should go over HTTPS; specified in seconds
include_subdomains:If all present and future subdomains will be HTTPS
preload:Allow this domain to be included in browsers HSTS preload list. See hstspreload.appspot.com/

Methods

Public Instance methods

[Validate]