What is HSTS?
HTTP Strict Transport Security (HSTS) is a web security policy mechanism: an HTTP header that tells the browser to use only HTTPS for a particular domain for a specific time period.
What is the syntax for HSTS?
Strict-Transport-Security: max-age=<expire-time>
Strict-Transport-Security: max-age=<expire-time>; includeSubDomains
Strict-Transport-Security: max-age=<expire-time>; preload
max-age=<expire-time>: The time, in seconds, that the browser should remember that a site is only to be accessed using HTTPS.
includeSubDomains: If this optional parameter is specified, the HSTS rule applies to all of the site's subdomains as well.
preload: Optional directive used to add the domain to the Chrome Preload List, which is maintained by Google.
Just an example
Try this in your browser
Your browser will automatically force HTTPS version:
This way it improves performance. I have been using this feature for a long time.
Does Google recommend using HSTS for webmasters?
Yes, they recommend it.
How to implement it for your website?
Ask your hosting team to enable HSTS.
Via the W3 Total Cache (W3TC) plugin: check "Apply HTTP Strict Transport Security policy" on the Browser Cache page.
Using Cloudflare: log in to Cloudflare and enable HSTS on the Crypto page.
What do I need to know before implementing HSTS?
If you are using HTTPS and you commit to maintaining it always, you should go for HSTS.
What will happen if someone tries to access the site over HTTP, or the SSL certificate expires?
HTTP will be redirected to HTTPS. If the SSL certificate expires, the visitor will see an error page. I recently faced this problem when a subdomain related to email,
tracking.gulshankumar.net, was missing an SSL certificate. I had two choices: either install SSL on the tracking subdomain or simply stop using it. I decided to discontinue it because tracking was of no use to me.
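The subdomain failure described above can be checked before HSTS is enabled. The following Python sketch is an added example, not code from the original post: it parses a Strict-Transport-Security value and lists the hosts the policy would force onto HTTPS even though they lack a valid certificate. The function names, the example.com hostnames and the inventory are constructed for illustration.

```python
# Added example: parse a Strict-Transport-Security value and list the hosts
# that the policy would make unreachable (forced to HTTPS, no valid certificate).

def parse_hsts(value):
    """Parse an HSTS header value into a policy dict; raise ValueError if invalid."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()            # directive names are case-insensitive
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')       # the value may be a quoted string
            if not (arg.isascii() and arg.isdigit()):
                raise ValueError("max-age must be a non-negative integer")
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
        # unknown directives are ignored
    if policy["max_age"] is None:
        raise ValueError("max-age is required")
    return policy


def hosts_at_risk(policy, apex, inventory):
    """Return hosts covered by the policy that do not serve a valid certificate."""
    if policy["max_age"] == 0:                 # max-age=0 tells the browser to drop the policy
        return []
    at_risk = []
    for host, has_valid_cert in sorted(inventory.items()):
        covered = host == apex or (
            policy["include_subdomains"] and host.endswith("." + apex))
        if covered and not has_valid_cert:
            at_risk.append(host)
    return at_risk


# Constructed inventory: hostname -> serves HTTPS with a valid certificate?
INVENTORY = {"example.com": True, "www.example.com": True, "tracking.example.com": False}

if __name__ == "__main__":
    for header in ("max-age=31536000", "max-age=31536000; includeSubDomains"):
        print(header, "->", hosts_at_risk(parse_hsts(header), "example.com", INVENTORY))
```
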
How about the Chrome Preload list?
The Chrome Preload list is used by major browsers to force HTTPS for first-time visitors. This list contains notable names such as Twitter, Facebook, etc. You can also submit your domain at https://hstspreload.org
How much time does it take to get added to the Chrome Preload list?
Approx. 2-3 months. Changes may be reflected in a newer browser version.
I hope this helps. Please let me know if you have any questions.
Thanks & Regards,