A policy mechanism that tells web browsers that the site must be accessed using HTTPS. This helps websites protect against eavesdropping attacks such as man-in-the-middle attacks. It is more secure than redirecting from HTTP to HTTPS, because with a redirect the initial HTTP connection is still prone to man-in-the-middle attacks.
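The following is an added example, not part of the original page. It assumes the mechanism described is HTTP Strict Transport Security (RFC 6797), which a site sends in the `Strict-Transport-Security` response header, and it audits a response for a usable policy. The function names, the 180-day threshold and the sample responses are constructed for illustration.

```python
# Added example: audit one HTTP response for an HTTPS-only policy (RFC 6797).
MIN_MAX_AGE = 15552000  # assumption: 180 days as an audit threshold, not an RFC rule


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value}.

    Returns None when browsers would ignore the header: a repeated
    directive, or a missing or non-numeric max-age.
    """
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()            # directive names are case-insensitive
        if not name:
            continue
        if name in directives:
            return None
        directives[name] = val.strip().strip('"')  # value may be a quoted string
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None
    return directives


def audit(scheme, headers):
    """Return a list of findings for a response fetched over 'http' or 'https'."""
    if scheme != "https":
        # Browsers ignore the header over plain HTTP, so a redirect alone
        # leaves this first request open to interception.
        return ["policy cannot be set over plain HTTP; first request is unprotected"]
    header = next((v for k, v in headers.items()
                   if k.lower() == "strict-transport-security"), None)
    if header is None:
        return ["no Strict-Transport-Security header on HTTPS response"]
    policy = parse_hsts(header)
    if policy is None:
        return ["malformed header; browsers will ignore it"]
    findings = []
    if int(policy["max-age"]) == 0:
        findings.append("max-age=0 removes the policy from the browser")
    elif int(policy["max-age"]) < MIN_MAX_AGE:
        findings.append("max-age below audit threshold")
    if "includesubdomains" not in policy:
        findings.append("subdomains not covered")
    return findings


if __name__ == "__main__":
    # Constructed sample responses: a bare redirect, then a short-lived policy.
    print(audit("http", {"Location": "https://example.test/"}))
    print(audit("https", {"Strict-Transport-Security": "max-age=300"}))
```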