Google Increases the Security by Adding HSTS
What is HSTS and how Google has managed to increase its security by adding HSTS? Read this article and discover everything you need to know!
According to the latest news, Google is adding HSTS or HTTP Strict Transport Security in order to increase the protection that prevents online visitors from utilizing a less safe HTTP connection.
By using HSTS, all online visitors following HTTP links to Google will be redirected to a safer HTTP version of the domain. The end goal is increasing the protection against session hijacking, protocol downgrade attacks, and attacks that take advantage of the insecure web connections.
What is HSTS actually?
HSTS or HTTP Strict Transport Security prevents visitors from navigating to HTTP websites by converting unsafe and insecure HTTP websites into secure websites. Online visitors might navigate to these websites by manually typing the HTTP domain in the address search bar or by following the HTTP links from other domains. This is officially confirmed by the technical program manager for security at Google.
The HTTP Strict Transport Security mechanism makes sure that if there is an HTTPS connection the search browser will use it. But, if the HTTPS version of the website is not available, then a less secure version of the website is automatically available.
This innovation and protection of HSTS affect traffic and online visitors not only to Google but it also makes sure that the traffic to other Google services is protected as well including Google Analytics, Google Maps, Google Alerts, and etc. Google has also added HSTS to the YouTube page.
We can say that Google has been a great supporter of HTTPS. Without HSTS, the search browsers have absolutely no way of knowing that a certain website should be delivered safely and they cannot alert or do something when that certain website that should be loaded safely is instead loaded via a standard or normal connection. In other words, the HSTS resolves the issue and manages the servers to send a clear message to the search browser to request a protected and encrypted version of the website.
Even though the HSTS mechanism was proposed in 2012, it has taken a few years to get the approvals and support of the browser companies and major websites in order to complete the implementation. Today, HSTS is supported by Firefox, Chrome, Safari, Edge, and IE 11.
— Simon Griesser (@SimonGriesser) 24 de mayo de 2016