What is HSTS and should I use it?

HSTS has been around for a while, but has recently become a hot topic of conversation in blogging forums. 

So what is HSTS?

HSTS stands for HTTP Strict Transport Security. To put it simply, HSTS is another layer of security that makes sure that users who have visited your site will really get to your site and not redirected elsewhere. It does this by forcing sites to load the HTTPS version of the site, even if the visitor tried to access a HTTP version. 

The reason for this is that if pages are redirected to HTTPS using a 301 redirect, there's a security gap where hackers may be able to gain access to your site and steal data.

Do I need it?

It's up to you. Sites on Performance Foundry servers...

Will HSTS help my SEO?

Google recommends HSTS but we haven't seen anywhere that they are giving a ranking boost to sites who have implemented it on top of HTTPS ranking boost. It's possible that in the near future, this will become a standard as well since this makes users' web browsing more secure.

I want HSTS!

We can set up HSTS for you on a site-by-site basis. Just send a support request to support@performancefoundry.com and we'll organise that. We don't set it up as standard for all sites on all servers, as it can cause a slight decrease in site load time, so each site owner can choose to move ahead or not. 

Further reading:

Here is a good article about HSTS: https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it/ for further reading.