HTTP Strict Transport Security (HSTS) is a web security policy mechanism that protects HTTPS websites against downgrade attacks. Downgrade attacks are often implemented as part of a man-in-the-middle attack such as Poodle. HSTS also protects against cookie hijacking. It enables web servers to mandate that web browsers (or other complying user agents) should interact with it by using only secure HTTPS connections, and never through the insecure HTTP protocol.
In Access Manager 4.3, HSTS has been enabled by default for all components.