HSTS technology should only be implicit if you secure the correct operation of the https protocol on all pages of your site. You can apply the HTTP Strict Transport Security header or add the HSTS feature in your hosting account to enable automatic forwarding to a secure connection.What is HSTS supportBy entering a domain name in the address bar of a browser without https protocol or in the "site.com" format, you are transported to an unsecured version of the site. The SSL certificate cannot secure the connection when you access a page for the first time. Online scammers use this weak point to harvest users' personal data and transfer it to fake pages.HSTS is an algorithm that encrypts the connection between the browser and the server. Using the Strict Transport .
Security HTTP header secures the connection for a set period. The response header informs the browser that websites can only be accessed over the HTTPS protocol.The main purpose of HSTS is to secure the connection; Yet there are a number of conditions Cyprus Mobile Number List that keep the client at risk: reinstallation of the operating system;reinstall the browser;visiting a certain site for the first time;use another browser;login from a new device such as a tablet;HSTS period expired;release cash.Using the http protocol results in an unsecured connection on the first visit to the site. Most of the time, redirecting to a safe site version is done only after you have visited a certain web resource.To fix the problem, Google created a preload list. When a user wants to access a certain site, the browser first searches for the required address in the list and then connects the client to the server using a secure protocol. You can submit your site to the preload list by submitting a request: HSTS Preload List Submission.
Active HSTS technology will not allow access to the site with an expired SSL certificate or in case the algorithm has detected inaccessible pages with a secure connection. There is no way for a browser to avoid an encrypted connection with HSTS.Getting your site excluded from the preload list is quite complicated. If you decide that your website should no longer be included in the list, simply submit a request. However, it takes more than three months for Chrome and even longer for other browsers to get the answer.In addition, your site will be inaccessible to users while waiting for the response. Therefore, it is strongly recommended that you think about your final decision before adding the website to the preload list. You should only act if you are determined to use https on your website permanently.With the working algorithm, the browser will only show sites with the https protocol enabled. In case a user enters a domain name beginning with http in the address bar, the browser will automatically forward to https . The HSTS mechanism is intended to decrease the number of unencrypted connections and to minimize the theft of cookies and personal data.