Do you want HSTS for your website?
I thought not. What about better security, faster load times and increased SEO?
So you do, eh? Have a definition to start with:
HSTS – HTTP Strict Transport Security. This is a response header that tells your browser that it can only connect to a website using HTTPS. HSTS increases the speed and security of HTTPS websites.
Want another definition?
HTTPS – Hyper Text Transfer Protocol Secure. If you connect to a site using HTTPS the site encrypts the session using a secure sockets layer (SSL naturally). This is obviously useful for sensitive transactions such as banking and payments.
If a site is using HTTPS it is readily visible as the letters are printed in green text alongside a ‘Secure’ symbol. However, whilst it was a great improvement over its predecessor, things have moved on and HTTPS is not as universally secure as it once was.
That is why if a site is only protected by HTTPS there will now be a ‘Not Secure’ note in the URL (Uniform Resource Locator).
Just think about that for a moment – would you visit a site that was telling you it was ‘Not Secure’?
One of the recognised faults of HTTPS is that a hacker can change the connection from an encrypted one to an older version, allowing them to carry out what is known as SSL stripping. This essentially strips out the encryption code, leaving your data and your users data open to attack.
HSTS overrides any such requests, ensuring that the browser will load the secure, encrypted version, stopping potential hackers from hijacking the connection.
But HSTS doesn’t just add a layer of security for you. It also improves your SEO because your webpage will load faster than before. Load time has a huge impact on both search rankings and user experience and with mobile usage increasing so rapidly, load time is going to be even more important in the near future.
So, should you add HSTS? With added security, faster load times and better SEO resulting in a better user experience, I think you know the answer.