Does your Website use HSTS?
We all know the importance of making sure our websites use HTTPS, but some users still type in the HTTP version in web browsers. And what about old links that haven't been updated and still use HTTP?
Sure, we can set up redirects, but did you know you can stop browsers from accessing the HTTP version altogether?
This is where HSTS comes in.
Enabling the HTTP Strict-Transport-Security response header means that, once a browser has received it over HTTPS, it won't even try to access the non-HTTPS version; you'll simply see a "307" internal redirect instead.
It is a widely supported standard that protects visitors by ensuring their browsers always connect to a website over HTTPS. It's an extra layer of security, too, that stops attackers from using SSL-stripping techniques, which force the browser to connect to a site over HTTP so that they can sniff packets and intercept or modify sensitive information.
I always check for this when performing my tech SEO audits and then work with my clients to ensure it is set up.
You can enable an HSTS header by working with the development teams, or it can be done in a matter of clicks if you use a CDN such as Cloudflare.
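The audit check described above, as an added example that is not part of the original post: a small parser for the Strict-Transport-Security directives (max-age, includeSubDomains, preload) plus a grading function run over constructed sample response headers. The threshold values (6 months, 1 year) are assumptions reflecting common guidance and the preload-list requirements.

```python
"""Parse and grade a Strict-Transport-Security header (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

SIX_MONTHS = 15552000   # assumed minimum worth recommending, in seconds
ONE_YEAR = 31536000     # preload list requires at least this max-age


@dataclass
class HstsPolicy:
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool


def parse_hsts(value: str) -> HstsPolicy:
    """Split 'max-age=N; includeSubDomains; preload' into its directives."""
    policy = HstsPolicy(None, False, False)
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age" and arg.strip().strip('"').isdigit():
            policy.max_age = int(arg.strip().strip('"'))
        elif name == "includesubdomains":
            policy.include_subdomains = True
        elif name == "preload":
            policy.preload = True
    return policy


def audit_hsts(headers: Dict[str, str]) -> List[str]:
    """Return findings for one HTTPS response; an empty list means all good."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no Strict-Transport-Security header: plain HTTP still reachable"]
    p = parse_hsts(value)
    findings = []
    if p.max_age is None:
        findings.append("max-age missing or invalid: browsers ignore the header")
    elif p.max_age == 0:
        findings.append("max-age=0: tells browsers to forget the HSTS policy")
    elif p.max_age < SIX_MONTHS:
        findings.append(f"max-age={p.max_age} is short; 6-12 months is typical")
    if not p.include_subdomains:
        findings.append("includeSubDomains absent: subdomains still reachable over HTTP")
    if p.preload and (not p.include_subdomains or (p.max_age or 0) < ONE_YEAR):
        findings.append("preload set but list needs includeSubDomains and max-age >= 1 year")
    return findings


# Constructed sample responses, not captured from any real site.
GOOD = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"}
WEAK = {"Strict-Transport-Security": "max-age=300"}
MISSING = {"Content-Type": "text/html"}

if __name__ == "__main__":
    for label, hdrs in (("good", GOOD), ("weak", WEAK), ("missing", MISSING)):
        print(label, audit_hsts(hdrs) or ["OK"])
```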