Google supports ‘preload’ list of HTTPS sites

For those of you who’ve been able to move your website to HTTPS, there’s a potential additional advantage. Google has announced that it’s supporting something called the HTTPS Strict Transport Security (HSTS) preload list. In its announcement, it says:

The HSTS preload list is built in to all major browsers (Chrome, Firefox, Safari, Internet Explorer/Edge, and Opera). It consists of a list of hostnames for which browsers automatically enforce HTTPS-secured connections. For example, gmail.com is on the list, which means that the aforementioned browsers will never make insecure connections to Gmail; if the user types http://gmail.com, the browser first changes it to https://gmail.com before sending the request. This provides greater security because the browser never loads an http-to-https redirect page, which could be intercepted.

If you’re on HTTPS, you can put your website on the HSTS preload list for free – this might end up as a quality signal for Google – who knows? In addition, by at least attempting to put your site on the list, you’re likely to find out if your implementation has been done perfectly; in many cases, we’re finding it won’t have been, because there are all sorts of strict requirements which most of us mere mortals won’t understand. So it’s worth checking.

Here’s what you need to do (you don’t need to be technical for this bit). Head on over to the HSTS preload submission page and enter your domain. If you’ve got any errors, it’ll tell you, and you can get whoever set up your HTTPS on the case.

Leave a Reply

Your email address will not be published. Required fields are marked *