HTTP Strict Transport Security (HSTS) is a is a web server directive that allows websites to state that they should only be accessed via a secure connection. HSTS exists to remove the need for the insecure practice of redirecting users from http:// to https:// URLs.
HSTS policy mechanism helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.