HSTS has been around for a while, but has recently become a hot topic of conversation in blogging forums. 

What is HSTS?

HSTS stands for HTTP Strict Transport Security. To put it simply, HSTS is another layer of security that makes sure that users who have visited your site will really get to your site and are not redirected elsewhere. It does this by forcing sites to load the HTTPS version of the site, even if the visitor tried to access a HTTP version. 

The reason for this is that if pages are redirected to HTTPS using a 301 redirect, there's a security gap where hackers may be able to gain access to your site and steal data.

Do I need it?

It's up to you. Sites on Performance Foundry servers are able to use HSTS on request.

(As of mid-September 2018, we have a few servers where it's not yet possible. We're completing these upgrades in September/October 2018.)

Will HSTS help my SEO?

Google recommends HSTS but we haven't seen anywhere that they are giving a ranking boost to sites who have implemented it on top of HTTPS ranking boost. It's possible that in the near future, this will become a standard as well since this makes users' web browsing more secure.

Will HSTS break my site or impact advertising?

It's possible that some third-party scripts and other tools may break, if they are poorly configured. This is often hard to diagnose and sometimes outside of our ability to support.

I want HSTS!

We can set up HSTS for you on a site-by-site basis. Just let us know you'd like it, and we'll organise that. We don't set it up as standard for all sites on all servers, as it can cause a slight decrease in site load time, so each site owner can choose to move ahead or not. 

Further reading:

Here is a good article about HSTS: https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it/ for further reading.