By now, most folks should know the difference between hypertext transfer protocol (HTTP) and HTTP secure (HTTPS). If not, HTTP is human-readable content floating through the inner tubes of the magical Internet. HTTPS is an encrypted format of this content, ensuring only the involved parties can communicate with each other. The latter is set up by registering a domain name and obtaining an SSL certificate. This certificate encrypts communications between a user and a specified domain name, preventing session hijacking among other forms of web attacks.
As Internet security has developed, HTTP Strict Transport Security (HSTS) has become the next level up. In a nutshell, HSTS is a hard-coded list of domains that are ONLY accessible via HTTPS; this list is available for most major web browsers. Attempting to access a site on this list without HTTPS is futile.
Google has worked on shifting the world’s Internet usage forward with security at the forefront. It has launched several top-level domains (TLDs) that offer security for all subdomains of these TLDs – hassle-free for web developers! Sites hosted with a Google-provided TLD are automatically included in the preloaded HSTS list. This means web developers, including those just getting started, don't need to worry too much about integrating security into their website. Note that there are other measures that can be taken, but still, this is a great first step!
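To make the TLD-level preloading described above concrete, here is an added example (not code from any browser or from Google) of how a preload lookup decides whether a hostname must use HTTPS. The entries are a constructed sample, and the field and function names are assumptions made for this illustration.

```javascript
// Constructed sample preload entries (illustrative, not a real browser list).
// includeSubdomains=true means every host beneath the name is covered too.
const PRELOAD = [
  { name: "dev", includeSubdomains: true },                   // an entire TLD
  { name: "app", includeSubdomains: true },                   // an entire TLD
  { name: "example.org", includeSubdomains: true },           // site plus subdomains
  { name: "accounts.example.com", includeSubdomains: false }, // exact host only
];

// Index entries by lowercase name for constant-time lookups.
function buildIndex(entries) {
  const index = new Map();
  for (const e of entries) index.set(e.name.toLowerCase(), e.includeSubdomains);
  return index;
}
const INDEX = buildIndex(PRELOAD);

// Walk from the full hostname up to the TLD and return the covering entry
// name, or null when nothing on the list applies to this host.
function preloadMatch(host, index = INDEX) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (!index.has(candidate)) continue;
    // An exact match always applies; a parent entry applies only when it
    // was listed with includeSubdomains.
    if (i === 0 || index.get(candidate)) return candidate;
  }
  return null;
}

// The rewrite happens before any request is sent, so a covered host
// never receives a plaintext HTTP request.
function effectiveUrl(raw, index = INDEX) {
  const url = new URL(raw);
  if (url.protocol === "http:" && preloadMatch(url.hostname, index) !== null) {
    url.protocol = "https:";
  }
  return url.href;
}

console.log(effectiveUrl("http://blog.mysite.dev/login"));
console.log(effectiveUrl("http://login.accounts.example.com/"));
```

A single TLD entry covers every site registered under it, which is why a site on such a TLD needs no per-domain preload submission.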
Steps like this, from companies with such a large presence, can help cause a worldwide shift. Cyber warfare is an ongoing war; the battles are won one fight at a time. In this case, the weapon of choice is HTTPS and its cousin, HSTS.