HSTS Or How To Convert All Requests To HTTP To HTTPS Requests?
When one is interested in the truly technological aspects of the web, it is often because one encounters a problem. You don't always pay attention to it, but every time you enter an address in the bar of an Internet browser, it is preceded by the letters "HTTP". If you are used to visiting the website of your bank or accessing personal data on the internet, you will certainly have found that this acronym becomes "HTTPS". More than a purely cosmetic addition, the HTTPS protocol aims to strengthen the security of the connection. In concrete terms, HTTPS makes it possible to be sure that one connects to the displayed site and that one is not diverted (or that the information one provides is not sent) to another site. A site on which the connection is "HTTPS" is therefore a real guarantee of security for visitors, and of credibility for the owners and operators of the site.

Almost all sites today install SSL certificates aimed at encouraging secure connections (especially since Google has repeatedly hinted that "https" is a quality signal for the search engine). Fortunately, it is not absolutely necessary to be a web programming virtuoso to make use of an SSL certificate or even to set up an HSTS policy.

HSTS: How does it work?

As noted above, the presence of the certificate alone is not enough to ensure the full safety of visitors. One could compare the certificate to an uncompromising security guard who is able to thwart 99% of the threats, but who will be absolutely useless if there are access routes other than those he guards. The role of HSTS, in this example, is to force all visitors to get the green light from the guard. The HSTS protocol changes any unsecured request from a browser to a request secured by HTTPS.
All data exchanged between the web server and the user is continuously protected by encryption. So you need two things to set up this security measure:
• An authentic SSL certificate for your domain name;
• A Strict-Transport-Security header (HSTS header).

The header is set on your web server and is sent to the browser from the first connection. It usually tells the browser certain information and rules to follow when interacting with the domain in question. In the case of an HSTS header, the rules define that the browser will no longer be able to access the non-secure (HTTP) version of the site for a certain period of time. This period is set at several months, or even years.

HSTS implementation

The implementation of this protocol must be gradual. To begin with, it is recommended to set the validity period of the HSTS policy to a few minutes, in order to test all the features of the site and ensure that sessions and user data are managed properly. Then the period can be extended to a week to identify less obvious bugs. When everything works smoothly, we can finally set the duration to two years, for example.

It goes without saying that if for some reason you stop using the SSL certificate and the HTTPS version of your site is no longer accessible, the HSTS protocol will prevent browsers that had accessed it in the past from returning to it again. So take care to always have a valid certificate.

HSTS is not a foolproof solution against hacking or data interception. There are still ways to circumvent these security measures, but they are not within the reach of the first comer. In addition, the implementation of HSTS contributes significantly to increasing the reputation of your site and therefore its ranking on the search engines.
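The gradual rollout described in the implementation section can be checked by parsing the Strict-Transport-Security value a site returns and reading off which stage it is in. The following is an added example, not code from the original page; the stage names, thresholds and function names are assumptions chosen to match the text, and the sample header values are constructed.

```python
# Added example: classify a Strict-Transport-Security value by rollout stage.
# Stage names and thresholds are assumptions chosen to match the text above.
import re

WEEK = 7 * 86400          # 604800 seconds
TWO_YEARS = 730 * 86400   # 63072000 seconds

def parse_hsts(value):
    """Parse the header value; raise ValueError if it is malformed (RFC 6797)."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue                      # empty directives are permitted
        name, _, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]               # value may be a quoted string
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen[name] = val
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        raise ValueError("max-age is required and must be an integer")
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def rollout_stage(value):
    """Map max-age to the stages: test window, one week, long term."""
    max_age = parse_hsts(value)["max_age"]
    if max_age == 0:
        return "policy cleared"           # max-age=0 tells browsers to forget
    if max_age < WEEK:
        return "short test window"
    if max_age < TWO_YEARS:
        return "one-week soak"
    return "long term"

def lockout_days(value):
    """Days a returning browser keeps refusing HTTP if HTTPS stops working."""
    return parse_hsts(value)["max_age"] / 86400

if __name__ == "__main__":
    # Constructed sample values, one per stage of the rollout
    for sample in ("max-age=300", "max-age=604800",
                   "max-age=63072000; includeSubDomains"):
        print(f"{sample:40} {rollout_stage(sample):18} "
              f"{lockout_days(sample):g} days")
```

The `lockout_days` figure is the exposure the text warns about: with a two-year policy, a lapsed certificate keeps returning browsers out for up to 730 days.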