HTTP Strict Transport Security: HSTS is a very powerful browser security feature. It is a web server directive, delivered in a response header, that instructs the web browser how to handle its connections to the site. The server sends this header back to the browser at the beginning of its response. It raises the website's security level by ensuring that connections are made over encrypted https://. Basic features of this technology are:
1) It eliminates the ability of HTTPS to be degraded to HTTP
2) Ensures 100% secure information exchange
3) Reduces attacks from hackers significantly
4) Available for Google Chrome and Mozilla Firefox
Features of HSTS
There are two main features implemented by HSTS. Let’s discuss them one by one in detail.
1) HSTS Sub-domain Namespace: Along with protecting the domain name, HSTS is also enforced on all sub-domains. This may not be beneficial to some organizations, as they may rely on http:// sub-domains for external resources.
2) HSTS Pre-load List: HSTS has a pre-loaded list that determines whether a particular domain can use HSTS. This built-in list is loaded in all the browsers in use nowadays. It increases protection by enforcing https:// for all the queries sent to a domain.
To implement HSTS, follow these steps:
1) Check the validity of the SSL certificate of your website
2) Redirect all the http:// links to https://
3) Cover all the sub-domains with a wildcard SSL certificate
4) The HSTS header should be served on the base domain for https:// requests, with max-age set to at least 18 weeks
5) Specify the preload and includeSubDomains directives
Failing to fulfill these requirements (1-5) will result in the removal of your listing.
If you need more information regarding digital certificates, give us a call on +1 (888) 606-7330. We can also help by providing a Comodo SSL Certificate for your domain and sub-domains to secure your online business website.