Begins HTTP Strict Transport Security Migration (HSTS)

Aug 1, 2016 • 8:08 am | comments (2) by | Filed Under Google Search Engine

Green Tech Google 1900px

Google announced Friday they are going HSTS, HTTP Strict Transport Security, for That means anyone who tries to go to HTTP will be forced to go to HTTPS, even more than just a 301 redirect.

HSTS prevents people from accidentally navigating to HTTP URLs by automatically converting insecure HTTP URLs into secure HTTPS URLs. Users might navigate to these HTTP URLs by manually typing a protocol-less or HTTP URL in the address bar, or by following HTTP links from other websites, Google said.

Google said they "turned on HSTS for, but some work remains on our deployment checklist." I did check, I didn't see HSTS on for them yet but maybe they are rolling it out slowly.

A good way to check is to use SSL Labs test and it would say "HTTP Strict Transport Security (HSTS) with long duration deployed on this server." Here is a screen shot of this site:

click for full size

Of course, do not implement HSTS without HTTPS on your site, that is asking for it. Also, there may be some redirect confusion from GoogleBot tools with that, but do not worry.

Good luck Google going HSTS!

Forum discussion at Google+.

Previous story: Yahoo Search Tests New User Interface
Ninja Banner
blog comments powered by Disqus