Strict-Transport-Security

The Strict-Transport-Security security header will instruct the browser to only make requests over HTTPS to a particular domain. E.g. setting the header here would force all request by a compliant browser to https://www.nwebsec.com instead of http://www.nwebsec.com. The header hampers middleperson attacks and SSL stripping.

Enable Strict-Transport-Security

To learn how to add this header with NWebsec see: Configuring security headers on the project website.