This is the reason why websites should be using HSTS

Date Added: September 02, 2018 07:23:09 PM
Author: John E Lincoln
Category: BUSINESS: Marketing and Advertising: Internet Marketing


HSTS (HTTP Strict Transport Security) is a response header that informs the browser it may only connect to a given website over HTTPS. HSTS improves both the speed and the security of HTTPS websites. To fully understand what HSTS does, you need a little working knowledge of HTTPS.


HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP. When a user connects to a site over HTTPS, the website encrypts the session using its secure sockets layer (SSL) certificate. In layman's terms, it adds an extra layer of security to the session and protects against attackers who try to steal information from web users in transit.

As you can imagine, this is especially useful for e-commerce, banking, or other transaction sites like PayPal, which require users to enter sensitive information.

Whether or not a site uses HTTPS is clearly visible to users. Those that are secure will feature a green secure symbol by the URL.

On the flip side, those sites that still rely only on HTTP will be labeled “Not Secure” in the uniform resource locator (URL) box.

HTTPS has been a confirmed Google ranking factor since 2014, and while it won’t immediately skyrocket your site to the top of the search engine result pages (SERPs), it will give you an added boost and signal an extra layer of trustworthiness to website visitors. I like to think having HTTPS gives a web page a boost and will usually move the HTTPS page ahead in the SERPs.

While HTTPS is a vast improvement over its predecessor, it’s not entirely without its flaws and that is where HSTS comes in.

How HSTS increases site security

One of the flaws associated with HTTPS is that it isn't entirely hack-proof. It leaves your site open to SSL stripping, which occurs when an attacker downgrades the connection from encrypted HTTPS to unencrypted plain HTTP.

This often happens on sites that rely on a 301 redirect to switch visitors from HTTP to HTTPS. The 301 redirect usually works like this:

  • Someone types in into their browser.
  • Because uses a 301 redirect, the browser initially tries to load This happens because the browser can’t know ahead of time that a specific site is using HTTPS.
  • Once it encounters the redirect and is told otherwise, the browser then has the go-ahead to load

While this doesn't seem like a big deal, it's those few milliseconds in between that you really need to worry about, because the initial unencrypted request leaves the site vulnerable to attackers who strip the connection down to plain HTTP before it ever reaches HTTPS.

When the browser first requests the HTTP version, an attacker on the path can intercept that request over insecure HTTP and keep the user from ever being upgraded to HTTPS. It stands to reason that as more sites switch to HTTPS, more attackers are educating themselves on how to get around the improved security.

There is a solution for this: make your site even more secure by applying HSTS.

HSTS instructs the browser to load the site only over HTTPS, skipping the initial HTTP request that a 301-redirect setup would otherwise make. It essentially sidesteps the insecure first load by making the browser remember that this site supports HTTPS. That way, the browser loads the secure version immediately, which eliminates the window in which an attacker could hijack the connection.
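The "remembering" described above is a small cache inside the browser: it parses the Strict-Transport-Security header, stores the policy until max-age expires, and rewrites later http:// requests for that host to https:// before anything is sent. The following is an added example, not code from the article or from any browser, that models that cache on the hostname and header value alone (assumptions: RFC 6797 directive semantics, and a first visit over HTTPS has already happened, because the browser cannot learn the policy from a plaintext response).

```python
import time


def parse_hsts(header):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains).
    Returns None when max-age is missing or not a number; a browser ignores such a header."""
    max_age, include_subdomains = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            value = value.strip().strip('"')
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
    return None if max_age is None else (max_age, include_subdomains)


class HstsCache:
    """Simplified model of a browser's HSTS cache (assumption: RFC 6797 semantics;
    the browser preload list is not modelled, so the first visit must be over HTTPS)."""

    def __init__(self):
        self.entries = {}  # host -> (expires_at, include_subdomains)

    def record(self, host, header, now=None):
        """Store the policy carried by an HTTPS response. Returns False if the header is unusable."""
        now = time.time() if now is None else now
        parsed = parse_hsts(header)
        if parsed is None:
            return False
        max_age, include_subdomains = parsed
        if max_age == 0:
            self.entries.pop(host.lower(), None)  # max-age=0 tells the browser to forget the policy
        else:
            self.entries[host.lower()] = (now + max_age, include_subdomains)
        return True

    def should_upgrade(self, host, now=None):
        """True if an http:// request for host is rewritten to https:// before any network I/O,
        which removes the plaintext first hop that SSL stripping relies on."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            expires_at, include_subdomains = self.entries.get(".".join(labels[i:]), (0, False))
            if expires_at > now and (i == 0 or include_subdomains):
                return True
        return False
```

Note that should_upgrade is consulted before the request leaves the machine, so the 301 redirect on the server is never needed again until the policy expires or is cleared with max-age=0.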
