Search Engine Land contributor John Lincoln has shared a useful article with tips on using HSTS to improve SEO and website security.

HTTP Strict Transport Security (HSTS) is a response header that instructs browsers to connect to a given website using HTTPS. It also improves the speed and security of HTTPS websites.

Lincoln says, “One of the flaws associated with HTTPS is that it isn’t entirely hack-proof. It leaves your site open to SSL stripping. This occurs when a hacker changes the connection from an encrypted connection to an older version.

This often occurs with 301 redirects – if a website relies on 301 redirects for switching from HTTP to HTTPS. The 301 redirect usually happens like this:

  • Someone types in examplesite.com into their browser.
  • Because examplesite.com uses a 301 redirect, the browser initially tries to load http://examplesite.com. This happens because the browser can’t know ahead of time that a specific site is using HTTPS.
  • Once it encounters the redirect and is told otherwise, the browser then has the go-ahead to load https://examplesite.com”.

Why websites should be using HSTS to improve security and SEO

Search Engine Land
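The plaintext first hop in the quoted 301 sequence, and how a stored HSTS policy removes it on later visits, shown as an added example (not code from Lincoln's article): a small Python model of a browser's HSTS host list following RFC 6797. The names `parse_hsts` and `HstsStore` and the timestamps are constructed for illustration; preload lists and IP-address hosts are not modelled.

```python
def parse_hsts(value):
    """RFC 6797 sec. 6.1: return (max_age, include_subdomains), or None if invalid."""
    max_age, include_sub, seen = None, False, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:                 # each directive may appear only once
            return None
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not (arg.isascii() and arg.isdigit()):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)  # max-age is required


class HstsStore:
    """Constructed model of a browser's list of known HSTS hosts."""
    def __init__(self):
        self.hosts = {}                  # host -> (expiry, include_subdomains)

    def note_header(self, host, scheme, value, now):
        policy = parse_hsts(value) if scheme == "https" else None
        if policy is None:               # sent over plain HTTP, or malformed: ignored
            return
        if policy[0] == 0:               # max-age=0 makes the browser forget the host
            self.hosts.pop(host, None)
        else:
            self.hosts[host] = (now + policy[0], policy[1])

    def first_request_url(self, host, now):
        """URL actually requested when the user types a bare host name."""
        labels = host.split(".")
        for i in range(len(labels)):     # the host itself, then each parent domain
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return "https://" + host + "/"
        return "http://" + host + "/"     # first hop is plaintext, as in the 301 flow

if __name__ == "__main__":               # constructed visit sequence
    store = HstsStore()
    print(store.first_request_url("examplesite.com", now=0))
    store.note_header("examplesite.com", "https", "max-age=31536000", now=0)
    print(store.first_request_url("examplesite.com", now=1))
```

The very first visit still starts over HTTP, because the browser has not yet seen the header; only visits made before `max-age` expires are upgraded locally.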
