plume/strict_transport_security

Strict-Transport-Security

This response header (often abbreviated as HSTS) lets a site tell browsers that it should only be accessed using HTTPS, and that any future attempts to access it using HTTP should be automatically converted to HTTPS. This helps protect against protocol downgrade attacks and cookie hijacking.

See the MDN docs.

Types

StrictTransportSecurity

</>

A Strict-Transport-Security header value.

pub type StrictTransportSecurity {
  MaxAge(seconds: Int)
  IncludeSubDomains(seconds: Int)
  Preload(seconds: Int)
}

Constructors

```
MaxAge(seconds: Int)
```
Apply only to the current host, for seconds seconds. Use MaxAge(0) to clear a previously-set HSTS policy in browsers.
```
IncludeSubDomains(seconds: Int)
```
Apply to the current host and all subdomains, for seconds seconds. Plume default.
```
Preload(seconds: Int)
```
Apply to the current host and all subdomains, for seconds seconds, and signal consent to be included in browsers’ HSTS preload lists.

The preload list also requires seconds to be at least 31_536_000 (one year).

Values

to_string

</>

pub fn to_string(value: StrictTransportSecurity) -> String

Encode as the Strict-Transport-Security header value.