HSTS for Scala with Play Framework: Pros, Cons, Setup
If you run a Play app in production and you’re still treating HTTPS as “mostly enabled,” HSTS is one of the easiest ways to stop users from ever hitting your site over plain HTTP again. The idea is simple: tell the browser, “for this domain, only use HTTPS for a while.” After that, even if someone clicks an old http:// link or a network attacker tries SSL stripping, the browser upgrades the request before it leaves the machine. ...