%% You should probably cite rfc6797 instead of this I-D. @techreport{ietf-websec-strict-transport-sec-05, number = {draft-ietf-websec-strict-transport-sec-05}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/05/}, author = {Jeff Hodges and Collin Jackson and Adam Barth}, title = {{HTTP Strict Transport Security (HSTS)}}, pagetotal = 43, year = 2012, month = mar, day = 9, abstract = {This specification defines a mechanism enabling Web sites to declare themselves accessible only via secure connections, and/or for users to be able to direct their user agent(s) to interact with given sites only over secure connections. This overall policy is referred to as HTTP Strict Transport Security (HSTS). The policy is declared by Web sites via the Strict-Transport-Security HTTP response header field, and/or by other means, such as user agent configuration, for example.}, }