SSL Stripping
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="proxy.php?url=https%3A%2F%2Fstatuscodefyi.com%2Fiframe%2Fglossary%2Fssl-stripping%2F" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://statuscodefyi.com/glossary/ssl-stripping/Add a dynamic SVG badge to your README or docs.
[](https://statuscodefyi.com/glossary/ssl-stripping/)Use the native HTML custom element.
A man-in-the-middle attack in which an attacker positioned between a client and server intercepts an HTTP request and forwards it to the server over HTTPS, while serving the response to the client over plain HTTP. The client sees HTTP but the server believes it is communicating securely. SSL stripping was demonstrated by Moxie Marlinspike in 2009 and is effectively prevented by HTTP Strict Transport Security (HSTS), which instructs browsers to always use HTTPS for the domain, and by HSTS preloading, which bakes the rule into browsers before the first connection is made.