Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Google.com Begins HTTP Strict Transport Security Migration (HSTS)

$
0
0

Google.com Begins HTTP Strict Transport Security Migration (HSTS)

Google announced Friday they are going HSTS, HTTP Strict Transport Security, for Google.com. That means anyone who tries to go to HTTP will be forced to go to HTTPS, even more than just a 301 redirect.

HSTS prevents people from accidentally navigating to HTTP URLs by automatically converting insecure HTTP URLs into secure HTTPS URLs. Users might navigate to these HTTP URLs by manually typing a protocol-less or HTTP URL in the address bar, or by following HTTP links from other websites, Google said.

Google said they "turned on HSTS for www.google.com, but some work remains on our deployment checklist." I did check, I didn't see HSTS on for them yet but maybe they are rolling it out slowly.

A good way to check is to use SSL Labs test and it would say "HTTP Strict Transport Security (HSTS) with long duration deployed on this server." Here is a screen shot of this site:


Google.com Begins HTTP Strict Transport Security Migration (HSTS)

Of course, do not implementHSTS without HTTPS on your site, that is asking for it. Also, there may be some redirect confusion from GoogleBot tools with that, butdo not worry.

Good luck Google going HSTS!

Forum discussion at Google+ .


Viewing all articles
Browse latest Browse all 12749

Trending Articles