What is HSTS and should I use it?

HSTS has been around for a while, but has recently become a hot topic of conversation in blogging forums. 

What is HSTS?

HSTS stands for HTTP Strict Transport Security. To put it simply, HSTS is another layer of security that makes sure that users who have visited your site will really get to your site and are not redirected elsewhere. It does this by instructing the visitor's browser to load the HTTPS version of the site, even if the visitor tried to access an HTTP version.

The reason for this is that if pages are redirected to HTTPS using only a 301 redirect, the first request is still sent over plain HTTP. That leaves a security gap where hackers may be able to intercept the connection and steal data.
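
HSTS is delivered as a Strict-Transport-Security response header (RFC 6797) that the browser remembers for the number of seconds given in max-age. The following is an added example, not code from this article or from Performance Foundry: a small Python checker for that header value. The sample values, the function names and the one-year threshold are assumptions made for illustration.

```python
MIN_MAX_AGE = 31536000  # one year; assumed threshold, not taken from the article

def parse_hsts(value):
    """Return a dict of directives, or None if a browser would ignore the header."""
    directives = {}
    # Simplified split: assumes no ';' inside a quoted value.
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        arg = arg.strip().strip('"')      # the value may be written as a quoted string
        if name in directives:            # each directive may appear only once
            return None
        directives[name] = arg
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):   # max-age is required, integer seconds
        return None
    directives["max-age"] = int(age)
    return directives

def assess(value, over_https=True):
    """Return a list of findings for one header value."""
    if not over_https:
        return ["ignored: browsers only honour HSTS received over HTTPS"]
    policy = parse_hsts(value)
    if policy is None:
        return ["invalid: missing, malformed or duplicated directive"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("max-age=0 tells the browser to forget the HSTS policy")
    elif policy["max-age"] < MIN_MAX_AGE:
        findings.append("max-age below one year: short protection window")
    if "includesubdomains" not in policy:
        findings.append("subdomains are not covered")
    return findings or ["ok"]

# Constructed sample header values, not captured from a real site.
SAMPLES = ["max-age=31536000; includeSubDomains", "max-age=300",
           "includeSubDomains", 'max-age="0"']

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {assess(sample)}")
```

The value to check is whatever your site returns in the Strict-Transport-Security header on an HTTPS response.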

Do I need it?

It's up to you. Sites on Performance Foundry servers are able to use HSTS on request.

(As of mid-September 2018, we have a few servers where it's not yet possible. We're completing these upgrades in September/October 2018.)

Will HSTS help my SEO?

Google recommends HSTS, but we haven't seen anything to suggest that they are giving a ranking boost to sites that have implemented it, on top of the HTTPS ranking boost. It's possible that in the near future this will become a standard as well, since it makes users' web browsing more secure.

Will HSTS break my site or impact advertising?

It's possible that some third-party scripts and other tools may break, if they are poorly configured. This is often hard to diagnose and sometimes outside of our ability to support.

I want HSTS!

We can set up HSTS for you on a site-by-site basis. Just let us know you'd like it, and we'll organise that. We don't set it up as standard for all sites on all servers, as it can cause a slight decrease in site load time, so each site owner can choose to move ahead or not. 

Further reading:

Here is a good article about HSTS: https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it/
