Why not default to HTTPS/TLS protocol?

Website issues & feedback. Constructive criticism is welcome.
(Guest posting is allowed under certain circumstances)
If you have a problem with certain individuals, then PM the Staff account.
Post Reply
Kimloo
New user
Posts: 4
Joined: 28 Nov 2016, 13:05
Location: 43.61N 116.21W

Why not default to HTTPS/TLS protocol?

Post by Kimloo »

Your site works great using HTTPS... so why not default to doing that? Your site gets an "A" rating for the way you have implemented HTTPS, see for yourself:

https://www.ssllabs.com/ssltest/analyze ... wz2100.net

You can use HSTS to make your site visitors web browsers automatically connect to your web server via HTTPS protocol even if they click on a HTTP link to get there. All you have to do is add the following line to your web servers headers:

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Once you do that, then go to this page and add your domain name to the list for HSTS preloading in people's web browsers:

https://hstspreload.org/


You can read all about how to implement HSTS on your website on this page:

https://https.cio.gov/hsts/

.
Post Reply