Tuesday, 19 March 2013

HSTS in TeamMentor

The latest version of TeamMentor adds the extra HSTS protection (see the issue ‘teammentor.net should use HSTS’).

But what does this mean in practice?

If you look at the source code, you will see that all requests

image

are answered with a number of extra response headers.

One of them is the HSTS one, the ‘Strict-Transport-Security’ header:

image

What this header does is tell the browser to rewrite all links to the site as https and to always use SSL to access it (even if the user types the address using http).

As mentioned in the HSTS protection article, the only issue is that the very first request (made before the browser has ever seen the header) still goes over HTTP:

image
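To make the browser-side behaviour concrete, here is an added example (not code from the original post and not TeamMentor's own code) that models what a browser does with the Strict-Transport-Security header: it parses the directives, remembers the host for max-age seconds (only when learned over HTTPS), and rewrites later http:// URLs to https://. The header value used as input is a constructed sample, and the host name is the one from the post; the `HstsCache` class, `parse_hsts` and `demo` are names chosen here. It also shows the caveat from the paragraph above: before the header has been seen, the http URL is left untouched.

```python
import time
from urllib.parse import urlsplit, urlunsplit

# Constructed sample header value, modelled on a typical HSTS response header
# (not the exact value TeamMentor sends).
SAMPLE_HEADER = "max-age=31536000; includeSubDomains"


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains).

    Returns None when the header is invalid: a max-age directive is required and
    must appear exactly once (RFC 6797), so a broken header is simply ignored.
    """
    max_age = None
    include_sub = False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')
        if name == "max-age":
            if max_age is not None or not val.isdigit():
                return None
            max_age = int(val)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return max_age, include_sub


class HstsCache:
    """Models the browser's store of known HSTS hosts."""

    def __init__(self, now=time.time):
        self.now = now              # injectable clock, so expiry can be tested
        self.hosts = {}             # host -> (expiry timestamp, include_subdomains)

    def observe(self, url, headers):
        """Learn a policy from a response. Only an HTTPS response counts:
        a header seen over plain HTTP could have been injected on the wire."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            return False
        value = headers.get("Strict-Transport-Security")
        if value is None:
            return False
        parsed = parse_hsts(value)
        if parsed is None:
            return False
        max_age, include_sub = parsed
        if max_age == 0:
            self.hosts.pop(parts.hostname, None)   # max-age=0 revokes the policy
        else:
            self.hosts[parts.hostname] = (self.now() + max_age, include_sub)
        return True

    def is_known(self, host):
        """True if host (or a parent domain with includeSubDomains) has an unexpired entry."""
        now = self.now()
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry > now and (i == 0 or include_sub):
                return True
        return False

    def rewrite(self, url):
        """Rewrite an http:// URL to https:// when the host is a known HSTS host.
        An explicit port 80 becomes 443; any other explicit port is kept."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known(parts.hostname):
            return url
        port = parts.port
        if port is None:
            netloc = parts.hostname
        elif port == 80:
            netloc = parts.hostname + ":443"
        else:
            netloc = "%s:%d" % (parts.hostname, port)
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def demo():
    """The flow from the post: first visit is plain HTTP, every later one is HTTPS."""
    cache = HstsCache()
    before = cache.rewrite("http://teammentor.net/")      # header never seen yet
    cache.observe("https://teammentor.net/", {"Strict-Transport-Security": SAMPLE_HEADER})
    after = cache.rewrite("http://teammentor.net/")       # now rewritten to https
    return before, after


if __name__ == "__main__":
    print(demo())
```

The `observe` method deliberately ignores the header on an HTTP response; that is why the first plain-HTTP visit in the post is the one moment the protection cannot cover, and why the browser only switches to HTTPS-first after a successful HTTPS response has carried the header.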

But the really nice thing about HSTS is that if I now do this on my browser:

image

Not only do I get the https version:

image

there was no HTTP request made at all (i.e. the first request was already the HTTPS one):

image