Strict-Transport-Security (often abbreviated as HSTS) is a security feature implemented through the HTTP response header of the same name. When enabled, it instructs web browsers to interact with the website only over secure HTTPS connections, never HTTP. This helps protect users from certain types of attacks, such as protocol downgrade attacks and cookie hijacking, by ensuring that all communications between the browser and the server are encrypted. The header can also specify how long the browser should enforce this policy and whether it applies to subdomains.
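The following check is an added example, not part of the original page: it parses a Strict-Transport-Security value the way RFC 6797 describes (max-age for the duration, includeSubDomains for the scope) and reports weak or ineffective policies. The function names, the sample values and the one-year MIN_MAX_AGE threshold are assumptions chosen for illustration.

```python
import re

MIN_MAX_AGE = 31536000  # assumed policy threshold: one year, in seconds

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value-or-None}.
    Returns None if the header is invalid (repeated directive or bad max-age),
    in which case a browser following RFC 6797 ignores it."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        val = val.strip().strip('"') if val else None  # value may be quoted
        if name in directives:
            return None                  # a directive may appear only once
        directives[name] = val
    age = directives.get("max-age")
    if age is None or not re.fullmatch(r"\d+", age):
        return None                      # max-age is required and must be digits
    directives["max-age"] = int(age)
    return directives

def audit_hsts(value, over_https=True):
    """Return a list of findings for one response's HSTS header (None = absent)."""
    if value is None:
        return ["missing: no Strict-Transport-Security header"]
    if not over_https:
        return ["ignored: browsers ignore HSTS received over plain HTTP"]
    policy = parse_hsts(value)
    if policy is None:
        return ["invalid: header is malformed and will be ignored"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("disabled: max-age=0 removes the stored policy")
    elif policy["max-age"] < MIN_MAX_AGE:
        findings.append("short: max-age below %d seconds" % MIN_MAX_AGE)
    if "includesubdomains" not in policy:
        findings.append("scope: subdomains are not covered")
    return findings

# Constructed sample header values, not taken from any real site.
SAMPLES = ["max-age=63072000; includeSubDomains", "max-age=300", 'MAX-AGE="0"']

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", audit_hsts(s) or ["ok"])
```

An empty findings list means the value enforces HTTPS for at least the assumed minimum duration and covers subdomains.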