From ba141e6906a32683a9a4ae7059351fa951b6470b Mon Sep 17 00:00:00 2001 From: David Fischer Date: Thu, 6 Sep 2012 15:13:31 -0400 Subject: [PATCH] Added note about Strict Transport Security (HSTS) --- docs/topics/security.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/topics/security.txt b/docs/topics/security.txt index 151853d4ac..4589d01fd4 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt @@ -147,6 +147,14 @@ server, there are some additional steps you may need: any POST data being accepted over HTTP (which will be fine if you are redirecting all HTTP traffic to HTTPS). +* Use HTTP Strict Transport Security (HSTS) + + HSTS is an HTTP header that informs a browser that all future connections + to a particular site should always use HTTPS. Combined with redirecting + requests over HTTP to HTTPS, this will ensure that connections always enjoy + the added security of SSL provided one successful connection has occurred. + HSTS is usually configured on the web server. + .. _additional-security-topics: Host headers and virtual hosting
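Review bot: The new paragraph under "Use HTTP Strict Transport Security (HSTS)" says "HSTS is an HTTP header" but never names it; name the response header explicitly, e.g. "HSTS is the ``Strict-Transport-Security`` response header", since that is what a reader will have to configure on the web server. The sentence "provided one successful connection has occurred" also leaves out a condition that matters in practice: browsers ignore the header when it arrives over plain HTTP, so the first connection that sets the policy must itself be over HTTPS, and the policy is only remembered for the duration given by the header's ``max-age`` directive. Suggest rewording along the lines of "provided the browser has already completed one HTTPS connection that returned the header, and for as long as the header's ``max-age`` allows", and adding a brief caveat that a long ``max-age`` cannot be revoked from clients that have already cached it, so the site must be ready to serve everything over HTTPS before enabling it. Minor: the surrounding text uses "SSL" loosely; if the rest of this page says "SSL", keep it for consistency, otherwise "HTTPS" is the more accurate term here.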