While I’m a firm believer that every site should be using HTTPS, sadly, not every site is yet doing so. Looking at Chrome data, today around 92% of navigations are HTTPS: …and the pages loaded account for around 95% of browsing time: Browsers are working hard to get these numbers up, by locking down non-secureContinue reading “Unexpectedly HTTPS?”
Tag Archives: HSTS
Building your .APP website with NameCheap and GitHub Pages–A Visual Guide
I recently bought a few new domain names under the brand new .app top-level-domain (TLD). The .app TLD is awesome because it’s on the HSTSPreload list, meaning that browsers will automatically use only HTTPS for every request on every domain under .app, keeping connections secure and improving performance. I’m not doing anything terribly exciting withContinue reading “Building your .APP website with NameCheap and GitHub Pages–A Visual Guide”
HSTS Preload and Subdomains
In order to be eligible for the HSTS Preload list, your site must usually serve a Strict-Transport-Security header with an includeSubdomains directive. Unfortunately, some sites do not follow the best practices recommended and instead just set a one-year preload header with includeSubdomains and then immediately request addition to the HSTS Preload list. The result is thatContinue reading “HSTS Preload and Subdomains”
Bolstering HTTPS Security
Last Update: 26 October 2023 When #MovingToHTTPS, the first step is to obtain the necessary certificates for your domains and enable HTTPS on your webserver. After your site is fully HTTPS, there are some other configuration changes you should consider to further enhance the site’s security. Validate Basic Configuration First, use SSLLab’s Server Test toContinue reading “Bolstering HTTPS Security”
text/plain 