Why not default to HTTPS/TLS protocol?

Post a reply


This question is a means of preventing automated form submissions by spambots.
Smilies
:| :? :) :wink: :D XD :3 :( :lol2: :o :shock: O_o :x :stressed: :P :oops: :cry: :evil: :twisted: 8) :augh: :stare: :roll: :annoyed: :hmm: :geek: :lecture: :ninja: :!: :?: :idea: :arrow: :!!!: :...: :zZz:
View more smilies
BBCode is ON
[img] is OFF
[flash] is OFF
[url] is ON
Smilies are ON
Topic review
   

Expand view Topic review: Why not default to HTTPS/TLS protocol?

Why not default to HTTPS/TLS protocol?

Post by Kimloo » 05 Mar 2017, 15:16

Your site works great using HTTPS... so why not default to doing that? Your site gets an "A" rating for the way you have implemented HTTPS, see for yourself:

https://www.ssllabs.com/ssltest/analyze ... wz2100.net

You can use HSTS to make your site visitors web browsers automatically connect to your web server via HTTPS protocol even if they click on a HTTP link to get there. All you have to do is add the following line to your web servers headers:

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Once you do that, then go to this page and add your domain name to the list for HSTS preloading in people's web browsers:

https://hstspreload.org/


You can read all about how to implement HSTS on your website on this page:

https://https.cio.gov/hsts/

.

Top